Healthcare continues to be the sector most targeted globally by ransomware and related malware attacks and leads in the average total cost of data breach across industries. The FY 2021 American Rescue Plan Funding provides an excellent opportunity for Health Centers to make strategic investments in cybersecurity infrastructure and services. This HITEQ Highlight, presented by Adam Kehler of Online Business Systems provides an overview of assets that can increase Health Center cybersecurity. Topics covered include cybersecurity infrastructure and services that can increase defense-in-depth for health IT, including EHRs, telehealth tools and services, mobile medical devices, patient portals, and related health information software applications.

Note: You can view our American Rescue Plan: Budget Your Cybersecurity Investments guidance document in the Documents to Download section below. An accessible version of the handout is is also available in the Documents to Download section. 

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have announced an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.  
 
CISA, FBI, and HHS have released AA20-302A Ransomware Activity Targeting the Healthcare and Public Health Sector that details both the threat and practices that healthcare organizations should continuously engage in to help manage the risk posed by ransomware and other cyber threats. The advisory references the joint CISA MS-ISAC Ransomware Guide that provides a ransomware response checklist that can serve as a ransomware-specific addendum to organization cyber incident response plans. 

It has been noted that hackers are using Ryuk ransomware — malicious software used to encrypt data and keep it locked up — and the Trickbot network of infected computers to steal data, disrupt health care services and extort money from health care facilities. Such data hijacking often cripples online systems, forcing many to pay up to millions of dollars to restore their services.

Find links and further documentation below

This toolkit from the National Rural Health Resource Center is organized into four steps to guide rural hospitals and clinics in developing and fostering a well-rounded cybersecurity program, including awareness, assessment, implementation & remediation, and education. A survey of available resources from various governmental and non-profit organizations is also included, as are checklists and tools that are appropriate for all audiences, including hospitals and clinics in rural settings.

The recent global ransomware attacks have revealed weaknesses in many organizations’ security plans. The global nature of the attacks demonstrate how easy it is for criminals to target health records for either profit or malicious reasons. And it confirms that the danger of cyber-attacks will not end any time soon. This webinar, presented by noted ethical hacker Kevin Johnson, will provide insight into how hackers identify vulnerabilities and provide specific advice to help you prepare a line of defense against the next generation of attack.

As National Cybersecurity Awareness Month comes to a close, ONC will be hosting a Twitter chat (#CyberAwareChat) on Thursday, October 27 at 1pm ET. The chat will cover security best practices, breach prevention tips, ransomware, and other cybersecurity topics. Anyone interested in helping make sure they are keeping health information safe and secure should join us to share what tips on what you’ve found effective and to learn from others’ best practices.