The Department of Health and Human Services (HHS) recently issued guidelines for healthcare sector to reduce the security risks and boost cybersecurity practices across the industry.
HHS recently drafted “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” in partnership with more than 150 cybersecurity leaders in the healthcare industry. The guidelines intend to leverage the cybersecurity framework to educate healthcare professionals on cybersecurity and help organizations in implementing cybersecurity practices.
The publication reveals five most relevant and current threats to the healthcare industry and also recommends 10 Cybersecurity Practices to help mitigate these threats. It also includes technical volumes that focus on cybersecurity practices for small, medium and large healthcare organizations, and include resources and templates organizations can use to assess their cybersecurity posture and develop policies and procedures.
“Cybersecurity is everyone’s responsibility. It is the responsibility of every organization working in healthcare and public health. In all of our efforts, we must recognize and leverage the value of partnerships among government and industry stakeholders to tackle the shared problems collaboratively,” said Janet Vogel, HHS Acting Chief Information Security Officer.
Healthcare industry has been a prime target for hackers. Recently, BJC HealthCare, a non-profit healthcare networks in the United States, reported a data breach that affected 5,850 people. BJC stated that unknown intruders illegally gained access to its patients’ payment portal and uploaded malware that potentially compromised the personal and credit/debit card information. The security professionals at BJC determined that the malicious code exploited the payment portal and exposed the payment information from October 25, 2018, to November 08, 2018, affecting 5,850 of its users.