Health care providers have worked diligently to mitigate breaches in patient health information as they have increased the use of health records. As technology’s role in the delivery of health care grows, the cybersecurity risks are increasing, and organizations find themselves mitigating a variety of new and ever-changing cyberattacks to a wide range of clinical and operational technology systems.
CHA encourages all health care providers to work with their information system management team to identify the necessary resources to develop a strong cybersecurity defense.
Governor Brown signed Executive Order B-34-15, establishing the California Cybersecurity Integration Center to be established and led by California’s Office of Emergency Services. The Center’s primary mission will be to reduce the likelihood and severity of cyber incidents that could damage California.
In the wake of several natural disasters, providers are reminded to stay vigilant for cyber scams. The attached tips from the National Health Information Sharing and Analysis Center outline several common scams attempted in times of crisis, including spoofs of relief organizations, sham flood mitigation or debris removal organizations, and flood insurance robocall scams. Those who wish to donate to relief funds should:
Healthcare and Public Health Sector Critical Infrastructure Security and Resilience Partnership has released a Template For Healthcare Cybersecurity Incident Action Plan to assist hospital CEO’s in creating a documented plan for recovery from a cybersecurity incident.
The Federal Bureau of Investigation Internet Crime Complaint Center, also known as IC3, accepts online Internet crime complaints. Complaints may come from the victim or interested third party. When filing a complaint be accurate and thorough. Be sure to include your name, address, and phone number as well as the perpetrator’s, if known. Include specific details on how, when, and why as well as any other pertinent information. To file a claim or for more information click here.
Cybersecurity vulnerabilities and intrusions pose risks for every hospital and its reputation. While there are significant benefits for care delivery and organizational efficiency from the expanded use of networked technology, Internet-enabled medical devices and electronic databases for clinical, financial and administrative operations, networked technology and greater connectivity also increase exposure to possible cybersecurity threats that require hospitals to evaluate and manage new risks. Hospitals can prepare and manage such risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital’s existing governance, risk management and business continuity framework. Hospitals also will want to ensure that the approach they adopted remains flexible and resilient to address threats that are likely to be constantly evolving and multi-pronged.
California is at the center of the digital revolution that is changing the world. Because of work done by companies right here in our home state, we are more connected – and empowered – than ever before. But we are also increasingly vulnerable. Unfortunately, cyber-crime, data breaches, theft of proprietary information, hacking and malware incidents are now routine.
Every business in California should follow the steps summarized in the attached guide “Cybersecurity in the Golden State” in order to reduce the chance they will be a victim of cybercrime. These measures, however, cannot guarantee that businesses will avoid cyber-security incidents, and the Guide therefore contains recommendations for how to prepare an effective cybersecurity incident response plan.
In response to heightened awareness and concerns about cyber threats, attacks and incidents, new guidance for healthcare organizations wanting to assess the state of their cybersecurity preparedness has been released.
The guidance identifies an appropriate subset of controls within the HITRUST Common Security Framework (CSF) that are most directly related to detecting and thwarting cyber-related breaches and allows organizations to assess against the cyber-specific controls and receive a snapshot of their cyber capabilities and readiness.
The DHS National Cyber Security Division conducts no-cost, voluntary Cyber Resilience Reviews to evaluate and enhance cyber security capacities and capabilities within all 18 Critical Infrastructure and Key Resources (CIKR) Sectors.
The CRR seeks to understand cyber security management of services (and associated assets) critical for an organization’s mission success by focusing on protection and sustainment practices within ten key domains that contribute to the overall cyber resilience of an organization.
What to Expect
The CRR is a one-day, on-site facilitation and interview of key cyber security personnel.
The participants will receive a draft report within 45 calendar days to review and provide feedback report results. DHS will subsequently issue a final CRR Report.
CRR results are afforded protections under the DHS Protected Critical Infrastructure Information— the results are for organization use and DHS does not share results.
InfraGard is a partnership between the private sector and the Federal Bureau of Investigation. This association of businesses, academic institutions, state and local law enforcement agencies is dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories.
There is no cost to join InfraGard and members receive these benefits:
The Cyber Security Evaluation Tool (CSET) is a Department of Homeland Security (DHS) product that assists organizations in protecting their key cyber assets. It was developed under the direction of the DHS National Cyber Security Division (NCSD) by cybersecurity experts and with assistance from the National Institute of Standards and Technology.
This tool provides users with a systematic and repeatable approach for assessing the security posture of their cyber systems and networks. It includes both high-level and detailed questions related to all industrial control and IT systems.
Pursuant to the National Strategy to Secure Cyberspace, the Department of Justice and the FBI lead the national effort to investigate and prosecute cybercrime.
National Public Radio (NPR) audio segment pertaining to the Hospital Cyberterrorism Seminar at UC Davis on August 5th. Segment speakers include Allyn Lynd, FBI Agent and Bill Fawns, CIO of Kern Medical Center, Bakersfield, Calif.
