It's time to reconsider your strategy if you still treat cyber risk as an annual project or initiative. Having a thorough ongoing program in place means that even in the worst-case scenario, you'll be ready to demonstrate that you did what was reasonable and appropriate to protect your systems and patient data. Nothing can guarantee that a cyberattack won't become a breach. Health Centers are a domain with a high potential for data breaches. As a result, it is crucial for health center leadership to adopt breach prevention strategies across their entire organization, as opposed to relegating it to the IT department. This learning collaborative will address health center breach mitigation tactics, operationalizing cybersecurity to better mitigate risks, telehealth risk management strategies, and incident response planning from a cybersecurity perspective.

This series will equip health centers and their staff to:  

1. Describe resources, frameworks, and methods for strategic implementation of cybersecurity infrastructure and services
2. Describe essential cybersecurity tools and services that can help decrease the risk of a data breach
3. Use best practices in cybersecurity when implementing modern telehealth tools and RPM initiatives
4. Adopt cybersecurity risk management paradigms and incident response planning templates.

This learning collaborative will provide participating health centers a series of four structured virtual learning sessions where they will engage with facilitators, subject matter experts and their colleagues in peer-to-peer learning and discussion.

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have announced an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.  
 
CISA, FBI, and HHS have released AA20-302A Ransomware Activity Targeting the Healthcare and Public Health Sector that details both the threat and practices that healthcare organizations should continuously engage in to help manage the risk posed by ransomware and other cyber threats. The advisory references the joint CISA MS-ISAC Ransomware Guide that provides a ransomware response checklist that can serve as a ransomware-specific addendum to organization cyber incident response plans. 

It has been noted that hackers are using Ryuk ransomware — malicious software used to encrypt data and keep it locked up — and the Trickbot network of infected computers to steal data, disrupt health care services and extort money from health care facilities. Such data hijacking often cripples online systems, forcing many to pay up to millions of dollars to restore their services.

Find links and further documentation below