The US Cybersecurity and Infrastructure Security Agency (CISA) has released a security guidance for organizations in the healthcare and public health sectors, which is a supplemental companion to the HPH Cyber Risk Summary, published July 19, 2023.
The guide provides defensive mitigation strategy recommendations and best practices to defend against cyber threats affecting the healthcare sector. It also identifies known vulnerabilities for organizations to assess their networks and minimize risks before intrusions occur.
The document emphasizes the importance for organizations to conduct regular vulnerability scans, prioritize assets based on criticality and leverage threat intelligence to address actively exploited vulnerabilities.
CISA also strongly encourages HPH entities to use the threat intelligence information mentioned in the mitigation guide to effectively address and remediate their vulnerability exposure, and to protect their organizations from potential ransomware attacks, data breaches, loss or theft of equipment or data, and attacks against network-connected medical devices.
