CISA Releases Key Risk and Vulnerability Findings for Healthcare and Public Health Sector

WASHINGTON - The Cybersecurity and Infrastructure Security Agency published a Cybersecurity Advisory, Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment, detailing the agency's key findings and activities during a Risk and Vulnerability Assessment conducted at a healthcare and public health organization in early 2023.
The advisory also provides network defenders and software manufacturers recommendations for improving their organizations' and customers' cyber posture, which reduces the impact of follow-on activity after initial access.
The CISA assessments team identified several findings as potentially exploitable vulnerabilities that could compromise the confidentiality, integrity, and availability of the tested environment.
Tailored for HPH organizations of all sizes as well as for all critical infrastructure organizations, the advisory provides several recommended mitigations mapped to 16 specific cybersecurity weaknesses identified during the RVA. Also, the advisory provides three mitigation strategies that all organizations should implement: Asset management and security, Identity management and device security, and Vulnerability, patch, and configuration management.
Each strategy has specific focus areas with details and steps on how HPH entities can implement them to strengthen their cybersecurity posture.
This advisory builds on the CISA and Health and Human Services Healthcare Cybersecurity Toolkit and CISA's Mitigation Guide for HPH Sector that were recently released.
The recommended mitigations for network defenders are mapped to the Cross-Sector Cybersecurity Performance Goals.
The recommended actions for software manufacturers are aligned to the recently updated, Principles and Approaches for Secure by Design Software, a joint guide co-sealed by 18 U.S. and international agencies.
It urges software manufacturers to take urgent steps necessary to design, develop, and deliver products that are secure by design.
About CISA. As the nation's cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.


This Cyber News was published on www.cisa.gov. Publication date: Fri, 15 Dec 2023 18:13:04 +0000


Cyber News related to CISA Releases Key Risk and Vulnerability Findings for Healthcare and Public Health Sector

A Plan to Protect Critical Infrastructure from 21st Century Threats - On April 30th, the White House released National Security Memorandum-22 on Critical Infrastructure Security and Resilience, which updates national policy on how the U.S. government protects and secures critical infrastructure from cyber and ...
6 months ago Cisa.gov
Cybersecurity in the Healthcare Industry: Protecting Patient Data - In the rapidly advancing era of technology, the healthcare industry faces a critical challenge: protecting patient data from cyber threats. This article will emphasize the significance of cybersecurity in the healthcare industry and explore the ...
10 months ago Securityzap.com
Insights from CISA HPH Sector Risk and Vulnerability Assessment - In an ever-evolving digital landscape, the healthcare and public health sector faces increasing cybersecurity challenges. The United States Cybersecurity and Infrastructure Security Agency recently conducted a Risk and Vulnerability Assessment, ...
11 months ago Securityboulevard.com
The Imperative for Robust Security Design in the Health Industry - COMMENTARY. In an era dominated by digital innovation and technological advancements, healthcare companies find themselves at the intersection of immense opportunity and equally unprecedented risk. The digitalization of patient records, electronic ...
10 months ago Darkreading.com
Why healthcare data is often the target of ransomware attacks - Healthcare data in recent years has been a very lucrative target for cyberattacks, particularly ransomware, with attackers holding healthcare information, and potentially patient lives, for ransom. Cybercriminals are increasingly focusing on ...
6 months ago Techtarget.com
The Technology That's Remaking OU Health into a Top-Tier Medical Center - This, along with our desire to replace our electronic health record and revenue cycle system, contributed to OU Health's decision to completely overhaul our IT infrastructure in support of our long-term organizational needs. OU Health strives to ...
1 year ago Feedpress.me
Best Cloud Security Providers for Healthcare Services - Cloud Security Providers for Healthcare offer specialized services to protect data and applications hosted in cloud environments. When picking a cloud security providers for healthcare, it's important to think about things like how well they follow ...
11 months ago Cybersecuritynews.com
Randolph Health Announces Data Breach Stemming from Breached Employee Email Account - On April 10, 2024, American Healthcare Systems LLC d/b/a Randolph Health filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that an unauthorized party accessed a Randolph ...
8 months ago Jdsupra.com
CISA Releases Key Risk and Vulnerability Findings for Healthcare and Public Health Sector - WASHINGTON - The Cybersecurity and Infrastructure Security Agency published a Cybersecurity Advisory, Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment, detailing the agency's key ...
1 year ago Cisa.gov
Changing How Healthcare Works: Big News in Communication - In a pivotal transformation within the healthcare industry, a prominent shift is currently unfolding. Direct Secure Messaging has emerged as a game-changer, modernising the way vital information is shared among healthcare providers, pharmacies, and ...
10 months ago Cysecurity.news
Research Reveals That Infostealers Target Healthcare Sector Data - New research by Netskope Threat Labs has revealed that infostealers were the primary malware and ransowmare families used to target the healthcare sector. Healthcare was among the top sectors impacted during 2023 by mega breaches, an attack where ...
9 months ago Itsecurityguru.org
Health Care Network in Crisis: Cyberattack Shuts Down Operations Across US - In a statement released Thursday evening by Ascension Hospital, a nonprofit network based in St. Louis with 140 hospitals across 19 states, it was also reported that electronic health records, some phone systems, as well as several systems used to ...
7 months ago Cysecurity.news
US govt probes if ransomware gang stole Change Healthcare data - The U.S. Department of Health and Human Services is investigating whether protected health information was stolen in a ransomware attack that hit UnitedHealthcare Group subsidiary Optum, which operates the Change Healthcare platform, in late ...
9 months ago Bleepingcomputer.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
6 months ago Securityaffairs.com
Ransomware's appetite for US healthcare sees known attacks double in a year - Following the February 21 attack on Change Healthcare, scores of people in the US have been living with the brutal, real-world effects of ransomware. It has also created skyrocketing pharmacy bills, pushed some healthcare providers to the edge of ...
9 months ago Malwarebytes.com
Change Healthcare's New Ransomware Nightmare Goes From Bad to Worse - Change Healthcare is facing a new cybersecurity nightmare after a ransomware group began selling what it claims is Americans' sensitive medical and financial records stolen from the health care giant. RansomHub claimed it had health care data on ...
8 months ago Wired.com
Future Health: AI's Impact on Personalised Care in 2024 - As we dive into the era of incorporating Artificial Intelligence into healthcare, the medical sector is poised for a profound transformation. AI holds immense potential in healthcare, offering groundbreaking advancements in diagnostics, personalised ...
11 months ago Cysecurity.news
Norton Healthcare discloses data breach after May ransomware attack - Kentucky health system Norton Healthcare has confirmed that a ransomware attack in May exposed personal information belonging to patients, employees, and dependents. Norton Healthcare serves adult and pediatric patients in more than 40 clinics and ...
1 year ago Bleepingcomputer.com
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
2 months ago Therecord.media
CISA Releases Advisory on Cyber Resilience for the HPH Sector - Today, CISA released a Cybersecurity Advisory, Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment, that details findings from our risk and vulnerability assessments of a Health and ...
1 year ago Cisa.gov
Unveiling the true cost of healthcare cybersecurity incidents - As healthcare organizations increasingly rely on interconnected systems, electronic health records, and telemedicine, the industry becomes a prime target for malicious actors seeking to exploit vulnerabilities. The consequences of a cybersecurity ...
11 months ago Helpnetsecurity.com
Transforming in the Age of Healthcare Digitalization - Healthcare and technology increasingly intersect in today's world, and cybersecurity has become a primary concern for many companies. The recent attack on Change Healthcare serves as a harsh reminder of the vulnerabilities facing the healthcare ...
5 months ago Cyberdefensemagazine.com
16 top ERM software vendors to consider in 2024 - Enterprise risk management software helps organizations identify, mitigate and remediate business risks, which can lead to improved business performance. The risk management market is rapidly evolving from separate tools across different risk domains ...
11 months ago Techtarget.com
HHS to investigate UnitedHealth and ransomware attack on Change Healthcare - The U.S. Department of Health and Human Services is launching an investigation into the ransomware attack on Change Healthcare following weeks of disruption to healthcare and billing operations at hospitals, clinics and pharmacies across the country. ...
9 months ago Therecord.media
Master Security by Building on Compliance with A Risk-Centric Approach - In recent years, a confluence of circumstances has led to a sharp rise in IT risk for many organizations. That's why a proactive approach to seeing, understanding, and acting on risk is key to improving the effectiveness of defenses in place to meet ...
11 months ago Cyberdefensemagazine.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)