CISA Unveils Healthcare Cybersecurity Guide

The US Cybersecurity and Infrastructure Security Agency has released a Mitigation Guide specifically tailored for the Healthcare and Public Health sector. The new guide outlines defensive mitigation strategies and best practices to counteract prevalent cyber-threats targeting critical infrastructure in the healthcare domain.

The paper, published on Friday, emphasizes the importance of vulnerability management, which it defines as the continuous identification, assessment and remediation of cyber vulnerabilities in software and systems. It underscores the need for organizations to conduct regular vulnerability scans, prioritize assets based on criticality and leverage threat intelligence to address actively exploited vulnerabilities. The guide also details a step-by-step vulnerability management lifecycle, guiding entities from identification to improvement.

The document addresses the significance of configuration and change management in tandem with established vulnerability and patch management solutions. HPH entities are encouraged to implement security configuration management to identify and rectify misconfigurations in default system settings.

Incidentally, in a move towards a more secure future, CISA co-authored and published "Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software" on April 13. This publication, recently updated, advocates for a paradigm shift in technology product development, urging manufacturers to prioritize security in the design and development phase rather than relying on post-deployment patches.

The guide concludes with a focus on HPH sector vulnerability remediation guidance, providing tables outlining prioritized vulnerabilities along with remediation and compensating control recommendations. CISA recommended that HPH entities diligently track and prioritize vulnerabilities based on their internal network architecture and risk posture.

The new guidelines are designed to serve as a vital resource for the HPH sector, offering actionable insights to enhance cybersecurity defenses against potential threats. For a detailed understanding of prioritized vulnerabilities and remediation guidance, readers are encouraged to refer directly to the published Mitigation Guide.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000

