The U.S. Department of Health and Human Services (HHS) 405(d) Program has released three resources for healthcare and public health (HPH) organizations, including a new educational platform called Knowledge on Demand, a 2023 edition of Health Industry Cybersecurity Practices (HICP), and a Hospital Cyber Resiliency Initiative Landscape Analysis.
According to a post on the official HHS website, the new Knowledge on Demand platform provides “awareness training on these five cybersecurity topics: social engineering, ransomware, loss or theft of equipment or data, insider accidental or malicious data loss, and attacks against network connected medical devices.”
Deputy Secretary Andrea Palm also confirmed that the trainings will “serve as an asset to any sized organization looking to train staff in basic cybersecurity awareness and are offered free of charge, ensuring that those hospitals and health care organizations most vulnerable to attack can take steps toward resilience.”
The HHS post also discussed the updated HICP 2023 Edition and its content.
“HICP 2023 has been updated by over 150 industry and federal professionals to include the most relevant and cost-effective ways to keep patients safe and mitigate the current cybersecurity threats that the HPH sector faces,” the article read. “This new edition of HICP includes a discussion of the dangerous threat of social engineering attacks as one of the top five threats facing the sector.”
Lastly, the Hospital Cyber Resiliency Initiative Landscape Analysis analyzes data from various hospitals to provide the best strategies for improving cyber resiliency in U.S hospitals.
“The Hospital Cyber Resiliency Initiative Landscape Analysis greatly furthers our understanding of hospital cyber resiliency and provides us with a platform to begin working through potential policy considerations and minimum standards to better support cybersecurity in U.S. hospitals” said Deputy Secretary Andrea Palm.
HHS urges all HPH executives to be “flexible and preemptive” and to use these new resources to evaluate the cybersecurity systems within their organizations.