“Cyberattacks are an increasing threat across all critical infrastructure sectors. For the health sector, cyberattacks are especially concerning because these attacks can directly threaten not just the security of our systems and information but also the health and safety of American patients. We are under constant cyberattack in the health sector, and no organization can escape that reality. While innovation in health information technology is a cause for optimism and increasing sophistication in health IT holds the promise to help address some of our most intractable problems, whether in clinical care, fundamental research, population health or health system design, our technology will work for us only if it is secure. Information systems are crucial to today and tomorrow’s healthcare system, so we must take every step possible to protect them.” – Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients
The aforementioned HHS publication, Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients, is a collection of practical, understandable, voluntary, industry-led guidelines to reduce cybersecurity risks.
The five threats cited in the publication are:
- Email phishing attacks
- Ransomware attacks
- Loss or theft of equipment or data
- Insider, accidental or intentional data loss
- Attacks against connected medical devices that may affect patient
HIA is compliant with the HHS’ ten listed Cybersecurity Practices to manage those threats:
HIA Compliance | Recommended Cybersecurity Practices |
---|---|
√ | Email Protection Systems |
√ | Endpoint Protection Systems |
√ | Access Management |
√ | Data Protection and Loss Prevention |
√ | Asset Management |
√ | Network Management |
√ | Vulnerability Management |
√ | Incident Response |
N/A | Medical Device Security |
√ | Cybersecurity Policies |