The HHS (Health and Human Services) department released a healthcare guidelines comprising voluntary cybersecurity practices to various healthcare organizations extending in size from local hospitals to large hospital organizations. Healthcare technologies are important for patient safety, however those technologies are help to recognize the risks. If those risks are not managed in a right way, they can result in interruption to healthcare operations, harm to patients, and high data breaches. Data loss was a main concern of healthcare orgs in the year 2018; according to the survey from January 1 to August 31, the Office of Civil Rights found reports of 192 theft cases affecting over two million persons. Though some of the data, on smartphones, laptops, and tablets was physically stolen, in many the data wasn’t sufficiently protected.
These guidance contains four different including small healthcare organizations, medium and large providers, templates and resources for end users, and a fourth for cybersecurity practices nearby threats and protecting patients. The publication was recruited following a 2 year partnership with over 150 cybersecurity & healthcare professionals, according to Healthcare Data Management. HHS Chief Officer Janet Vogel stated that, “It is the main responsibility of each organization involving in healthcare & public health. We must identify and control the value of partnerships amongst industry stakeholders and government to challenge the shared complications collaboratively.”
The Health and Human Services department said protecting against cyber-attacks is just like fighting a fatal virus. It takes coordination and mobilization of resources across number of public and private shareholders, comprising IT vendors, hospitals, medical device manufacturers, and governments to reduce risks and impact.
The healthcare guidance is a combination of common sense practices and highly technical solutions which will applicable to a large number of healthcare facilities. The essential document discovers the five most appropriate threats to the healthcare industry and commends 10 cybersecurity practices to improve them. It also highlights the importance of moving fast to address these threats. The basic of the guide comprises current threats in front of the industry and some best practices for justifying these threats.
1. Equipment or data theft
2. E-mail phishing attack
3. Intentional and Insider data loss
4. Attacks against medical devices which may disturb patient safety.
Some practices for justifying cyber threats include:
1. Asset management
2. E-mail protection systems
3. Access management
4. Incident response
5. Network management
6. Data protection & loss prevention
7. Endpoint protection systems
8. Cybersecurity policies
9. Medical device security
10. Vulnerability management