CISA and HHS look to help the health sector ramp up cyber hygiene

alengo/Getty Images

Agency resources are intended to address the longstanding challenges health systems and hospitals have faced from increasingly advanced cyberattacks.

The Cybersecurity and Infrastructure Security Agency released a new set of guidance in partnership with the U.S. Department of Health and Human Services tailored to protecting the health care sector from cyberattacks,

Announced on Wednesday, the cybersecurity tool kit acts as a singular portal for health care entities to access various cybersecurity resources. Some offerings include overviews of cyber hygiene, how to address resource constraints and how to voluntarily share information on potential breaches. 

The resource is intended to address the longstanding challenges critical infrastructure entities, like health care, have faced from increasingly advanced cyber attacks. 

“We have seen a significant rise in the number and severity of cyber attacks against hospitals and health systems in the last few years,” said HHS Deputy Secretary Andrea Palm. “These attacks expose vulnerabilities in our health care system, degrade patient trust and ultimately endanger patient safety.”

Palm added that her agency is “working closely” with both CISA and industry partners to continue disseminating helpful guidance for health care organizations, particularly those that suffer from a lack of resources to protect the sensitive personal information that lives in their digital networks. 

“Given that health care organizations have a combination of personally identifiable information, financial information, health records and countless medical devices, they are essentially a one-stop shop for an adversary,” said CISA Deputy Director Nitin Natarajan. 

CISA and HHS’s toolkit follows the mandates outlined in Biden administration’s May 2021 cybersecurity executive order that asks federal agencies to improve their cyber incident sharing.