HC3 Published Guidance on Cyber Posture in Health Field

Posted by HIPAA Software on Jun 20, 2022

The Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3) published brief guidance on cyber posture in the healthcare field. The organization also gave step-by-step guidance for strengthening that posture.

What Is Cyber Posture?

The HHS Health Sector Cybersecurity Coordination Center (HC3) defines cyber posture as the overall strength of a company’s cyber defense. It covers having cybersecurity protocols in place to predict and prevent threats, as well as the capacity to act immediately and respond to cyberattacks.

The Health Insurance Portability and Accountability Act (HIPAA) requires all covered entities (CEs) to have proper safeguards in place to protect protected health information (PHI). An advanced cyber posture, however, is more than meeting compliance requirements. HC3 also stated that having a reliable security program could help healthcare organizations avoid scams and cyber espionage.

What Did HHS Advise on Cyber Posture?

The HHS Health Sector Cybersecurity Coordination Center (HC3) urged healthcare companies to follow the guidelines below to enhance their cyber defense:

  1. First, carry out security posture assessments regularly.
  2. Second, systematically monitor networks and software for weak spots.
  3. Third, determine the area of risk responsibility for each department and appoint risk control managers.
  4. Fourth, conduct ongoing gap analysis of security measures.
  5. Fifth, identify the main security metrics.
  6. Finally, develop plans for responding to incidents and recovering from damage.

CISA Insights

HHS’s HC3 encouraged companies in the healthcare field to keep up with the Cybersecurity and Infrastructure Security Agency’s (CISA) “CISA Insights”. These guidelines cover a variety of cybersecurity best practices. For example, according to CISA Insights, healthcare organizations should check and confirm all authorized remote access. They must also make sure that software is up to date and apply enhanced controls to cloud-based services.

Key Points for a Strong Cyber Posture

If a healthcare company finds out there was unauthorized access, the assigned cybersecurity division has to enable data capture. It also has to detect suspicious activity immediately and ensure that the company’s network is protected by antivirus software. In addition, positions and duties must be assigned within the department for legal matters, communications, business continuity, and information technology.

Cyber resilience is an essential element of an enhanced cyber posture. It requires healthcare companies to check their backup procedures so that critical information can be restored immediately in the event of a cyberattack.

If a company uses automated management systems or operational technologies, it is better to conduct manual testing to confirm that vital processes can still operate even if the organization’s network is unavailable or inaccessible.

Additional Information

HC3 highlighted the necessity of a cybersecurity risk assessment. It can help healthcare companies quantify risks, estimate the likelihood of exploitation, and identify weak spots and sources of threats. The Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) recently published an update of their Security Risk Assessment (SRA) Tool, which can assist CEs in this procedure.

To comply with the legislation, healthcare organizations should protect patients’ PHI and other sensitive data in their networks from cybercriminal activity.
