IT Security Resources for Essential Hospitals
Over the past decade, the U.S. health care system has experienced a rapid increase in adoption of health information technology (IT). Nearly all nonfederal, acute-care hospitals had adopted a certified electronic health record (EHR) system by 2015.
Health IT can improve the sharing of information with patients, patient outcomes, and providers’ transmission of important data to public health departments. As hospitals increasingly rely on health IT, the risk of cybersecurity breaches also increases. In 2015, the health information of more than 113 million individuals was breached, compared with fewer than 4 million individuals from 2011 to 2014.
Recent ransomware attacks on hospitals and other businesses exemplify this threat to hospital information systems, including both EHRs and administrative systems. The U.S. Computer Emergency Readiness Team defines ransomware as a type of malware that infects computers and restricts access to files until a ransom is paid. Malware often is spread through attachments and links in phishing emails, which masquerade as emails from a familiar source.
Cybersecurity threats have increased the focus on securing health IT systems, training staff on IT security, and developing contingency plans. As hospitals increase their use of health IT, it is imperative they take appropriate precautions to prevent attacks on all elements of their IT systems.
America’s Essential Hospitals has established this resource page to connect its members with cybersecurity resources that focus on preventing and responding to IT attacks. Visit this page regularly for new and updated information.
General IT Security Resources
|Fact Sheet on Phishing Vulnerabilities of Healthcare Information Technology Systems||DHS/ODNI||August 2018|
|Report on Phishing Vulnerabilities of Healthcare Information Technology Systems||DHS/ODNI||August 2018|
|Threat Intelligence Briefing on FIN7||HHS||August 2018|
|Intelligence Briefing Update on NetSpectre||HHS||August 2018|
|Threat Intelligence Briefing on Malware Loaders||HHS||August 2018|
|Report on Widespread Processor Vulnerabilities||HHS||January 2018|
|Executive Order 13800 Update Issue 1||DHS||July 2017|
|“Hidden Cobra” – North Korea’s DDoS Botnet Infrastructure||DHS||June 2017|
|Microsoft Vulnerabilities||Microsoft||June 2017|
|Healthcare Organization and Hospital Discussion Guide For Cybersecurity||HHS||June 2017|
|HIPAA and Ransomware Fact Sheet||HHS||June 2017|
|Report on Improving Cybersecurity in the Health Care Industry||HHS||June 2017|
|Quick-Response Checklist from the HHS, Office for Civil Rights (OCR)||HHS||June 2017|
WannaCry Ransomware Attack Resources
|HHS Update: International Cyber Threat to Healthcare Organizations
|HHS Update #2: International Cyber Threat to Healthcare Organizations
| HHS Update #3: International Cyber Threat to Healthcare Organizations
| HHS Update #4: International Cyber Threat to Healthcare Organizations
| HHS Update #5: International Cyber Threat to Healthcare Organizations