Data theft and ransomware attacks targeting health care organizations have increased dramatically over the past several years, disrupting patient care, safety and privacy. Your organization can prepare for and manage such risks by viewing cybersecurity not as an IT issue but rather by making it part of your existing governance, risk management and business continuity framework.

The AHA has long been committed to helping hospitals and health systems defend against and deflect cyberattacks. As the cybersecurity landscape continues to evolve, we are working closely with federal agencies, the hospital field and solution providers to build trusted relationships and channels for the exchange of cyberthreat information, as well as resources to support the implementation of risk mitigation practices.

HHS Cybersecurity Performance Goals

HHS created a set of voluntary Cybersecurity Performance Goals (CPG) in cooperation with the Healthcare and Public Health (HPH) sector to encourage the implementation of high-impact cybersecurity practices to help organizations better prepare for and mitigate cyber threats.

These practices are designed to:

  • Better protect your hospital or health system from cyberattacks.
  • Improve response when events occur.
  • Minimize residual risk.
  • Mature and heighten your cybersecurity capabilities.
  • Ultimately, protect patient health information and safety.

The CPGs are designed to defend against the most common tactics used by cyber adversaries to attack health care and related third parties, such as exploitation of known technical vulnerabilities, phishing emails and stolen credentials. The AHA recommends that these CPGs be voluntarily implemented by all components of the health care sector, including third-party technology partners and business associates.

Learn more about the CPGs on the HHS Cybersecurity Performance Goals webpage. Or print the Goals.

How can AHA Help?

While escalating cyberattacks underscores the critical need for your hospital or health system to defend against malicious actors, you cannot do it alone.

That’s why the AHA is collaborating with multiple parties across the public and private sectors to support our members with cybersecurity risk mitigation.

As part of this work, the AHA established the AHA Preferred Cybersecurity Provider (APCP) program to help our members’ cybersecurity initiatives. These vetted, highly reputable and accomplished cybersecurity providers listed below have developed dedicated resources and special offerings to help you address your cybersecurity and risk mitigation challenges.

Cybersecurity Resources from AHA Partners

Google

For all AHA-member nonprofit hospitals, three complimentary services including consultation with Google ChromeOS Healthcare Specialists, evaluation and certification of existing hardware to run ChromeOS Flex, and access to ChromeOS Jumpstart Program.

Microsoft

Providing free cybersecurity assessments including insights and recommendations on improving your hospital's cybersecurity awareness and defenses. Offer includes cybersecurity awareness and risk mitigation training for frontline and IT staff and affordable access to advanced enterprise security product suite and Windows 10 Extended Security Update free for one year. For independent CAHs and REHs, Microsoft will provide standard nonprofit discounts.

Aon

Four complimentary services for all AHA members to prepare for CPG compliance, including access to a submission platform, risk analysis and cyber insurance policy review. Plus a complete package of discounted pricing on Aon cyber solutions for 16 of the 20 specific Essential and Enhanced cybersecurity goals.

Censinet

Complimentary CPG Compliance Started Kit for all AHA members, which includes a tool to assess compliance, benchmark performance, implement assessments and action plans, monitor risk and report compliance.

Critical Insight

Complimentary incident response plan checkup for all AHA members, plus discounts on access to a platform, tools and professional advisory services to achieve both Essential and Enhanced cybersecurity goals.

Cylera

Discount for all AHA members off price of Cylera platform, an advanced healthcare IoT asset intelligence and security solution that optimizes care delivery, service availability, and cyber defenses across healthcare IT, IoT, connected medical devices and building management systems.

 

Learn more about the APCP program plus additional APCP providers fulfilling a range of cybersecurity needs.

   

Stay up-to-date on the latest cybersecurity news, resources & alerts.

Subscribe

Cybersecurity News

See More
AHA participates in health care cybersecurity summit 
Agencies issue advisory on threat of China-based cyber group 
Joint Cyber Advisory: State-Sponsored Russian Media Leverages Meliorator Software
Cyber Advisory TLP Clear: APT 40 Advisory PRC MSS Tradecraft in Action
AHA comments on CIRCIA’s cyber incident reporting requirements 
HHS issues cyber alert on critical vulnerability in ‘MOVEit,’ file transfer platform
HC3-Sector Alert TLP Clear - Critical MOVEit Vulnerabilities Expose Health Sector to Data Breaches
Agencies issue joint report on memory safety vulnerabilities in open source projects
Bulletin alerts health sector to cyberthreat exploits on TeamViewer
FBI, HHS issue advisory on cyberthreat actors targeting health care to divert payments
FBI CYBER - TLP Green: Social Engineering Tactics Targeting Healthcare & Public Health Entities and Providers
Joint Cyber Advisory TLP Clear: Social Engineering Tactics Targeting Healthcare & Public Health Entities and Providers
More Cybersecurity News

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272

More on John Riggi
Cybersecurity & Risk Advisory Services

Cyber Alerts and Reports