This is Cybersecurity Awareness Month, which is championed by the Cybersecurity & Infrastructure Security Agency.
Cybersecurity awareness can keep you busy in the healthcare industry, but awareness is key to an effective cybersecurity strategy. In the spirit of awareness, I wanted to share some great information resources that I use.
General Healthcare Industry Cybersecurity Education
Health IT Security
This website is dedicated to education and to helping readers address potential threats. The site offers easy-to-read news articles for healthcare privacy experts. You can sign up for a weekly newsletter highlighting content. Also available on this site is a list of upcoming webinars on the latest cybersecurity topics.
Cybersecurity Best Practice Resources
HIMSS Cybersecurity and Privacy
The HIMSS organization targets healthcare providers and health systems as their audience. They have a Cybersecurity and Privacy resource center which includes items like on-demand webinars, reports and articles.
The HIPAA Journal is a great resource for anything HIPAA. However, this website also reports healthcare breaches along with details like the number of records and the cause. This gives you a way to understand the scope of the problem. The site also covers the requirements (process) of the HIPAA notification rule for reporting breaches.
Cybersecurity & Infrastructure Security Agency (CISA)
CISA dedicates a portion of its website to cybersecurity and cybercrime. Unlike most websites, it includes not only best practices but also a forum focused entirely on “bad practices” that lead to vulnerabilities.
HHS (U.S. Department of Health & Human Services)
Lisa Pino wrote a great blog post, “Improving the Cybersecurity Posture of Healthcare in 2022,” which you can find on HHS.gov. It lists some best practices and also links to other sites with resources on topics like ransomware and general cybersecurity best practices: all kinds of good stuff.
This is a non-profit organization that develops standards for identity and personal data management. Their mission is “improving trustworthy use of identity and personal data through innovation, standardization, and good practice.” Their resources are on the technical side, and one item on the list is the “Identity Assurance Framework.” Check out their resources page.
National Institute of Standards and Technology (NIST)
NIST is part of the U.S. Department of Commerce, and its efforts focus on measurement and standards. There is a lot more to it, but you might recognize the organization based on the NIST IAL2 standard which is often used in healthcare cybersecurity. They have a robust publications tab, but it looks a bit overwhelming. You might be specifically interested in the “Getting Started with the NIST Cybersecurity Framework: A Quick Start Guide.”
I hope this helped you find some sources that you can use to help with healthcare cybersecurity awareness.