Don't have an account? Create Account
Don't have an account? Create Account

Over the past decade, the U.S. health care system has experienced a rapid increase in adoption of health information technology (IT). Nearly all nonfederal, acute-care hospitals had adopted a certified electronic health record (EHR) system by 2015.

Health IT can improve the sharing of information with patients, patient outcomes, and providers’ transmission of important data to public health departments. As hospitals increasingly rely on health IT, the risk of cybersecurity breaches also increases. In 2015, the health information of more than 113 million individuals was breached, compared with fewer than 4 million individuals from 2011 to 2014.

Recent ransomware attacks on hospitals and other businesses exemplify this threat to hospital information systems, including both EHRs and administrative systems. The U.S. Computer Emergency Readiness Team defines ransomware as a type of malware that infects computers and restricts access to files until a ransom is paid. Malware often is spread through attachments and links in phishing emails, which masquerade as emails from a familiar source.

Cybersecurity threats have increased the focus on securing health IT systems, training staff on IT security, and developing contingency plans. As hospitals increase their use of health IT, it is imperative they take appropriate precautions to prevent attacks on all elements of their IT systems.

America’s Essential Hospitals has established this resource page to connect its members with cybersecurity resources that focus on preventing and responding to IT attacks. Visit this page regularly for new and updated information.

General IT Security Resources

Title Source Date
Executive Order 13800 Update Issue 1 DHS July 2017
“Hidden Cobra” – North Korea’s DDoS Botnet Infrastructure DHS June 2017
Microsoft Vulnerabilities Microsoft June 2017
Healthcare Organization and Hospital Discussion Guide For Cybersecurity HHS June 2017
HIPAA and Ransomware Fact Sheet HHS June 2017
 Report on Improving Cybersecurity in the Health Care Industry HHS June 2017
 Quick-Response Checklist from the HHS, Office for Civil Rights (OCR) HHS June 2017

WannaCry Ransomware Attack Resources

Title Source Date
HHS Update: International Cyber Threat to Healthcare Organizations

  • Where to find the most up-to-date information from the U.S. government
  • How to prevent email-based ransomware attacks
  • What HHS is doing to secure our systems
HHS May 2017
HHS Update #2: International Cyber Threat to Healthcare Organizations

  • Where to find the latest Microsoft security information
  • ASPR TRACIE: Healthcare Cybersecurity Best Practices
  • How to request an unauthenticated scan of your public IP addresses from DHS
  • What to do if you are the victim of ransomware or have cyber threat indicators to share
HHS May 2017
 HHS Update #3: International Cyber Threat to Healthcare Organizations

  • Receive health care intelligence through InfraGard participation
  • DHS support for private sector cyber incident table top exercises
 HHS May 2017
 HHS Update #4: International Cyber Threat to Healthcare Organizations

  • HHS Office of Civil Rights Guidance on HIPAA, specific to WannaCry
  • CISA protections for private sector information sharing
  • Why to connect with your local fusion center
  • FDA’s Public Workshop — Cybersecurity of Medical Devices
 HHS May 2017
 HHS Update #5: International Cyber Threat to Healthcare Organizations

  • HHS ASPR’s online After Action collection mechanism
  • Process for victim reporting and indicator sharing
  • FDA’s medical device FAQ based on “Daily Sector Call” feedback
 HHS May 2017

 

America’s Essential Hospitals regularly compiles resource pages to inform our members and other stakeholders about timely issues.

About America’s Essential Hospitals

America’s Essential Hospitals is the leading association and champion for hospitals and health systems dedicated to high-quality care for all, including the most vulnerable. Since 1981, America’s Essential Hospitals has initiated, advanced, and preserved programs and policies that help these hospitals ensure access to care. We support members with advocacy, policy development, research, and education.