CISA releases advisory on enhancing cyber resilience

Dec 18, 2023 - 02:31 PM
cybersecurity-hand-lock-graphic_900x400

The Cybersecurity and Infrastructure Security Agency Dec. 15 released an advisory on ways health care organizations can enhance their cybersecurity protection. CISA recommends that organizations use longer and more complex passwords; ensure that only ports, protocols and services with validated business needs are running on each system; train users against password reuse; discontinue reuse or sharing of administrative credentials among systems; and implement a security awareness program that focuses on methods commonly used in intrusions that can be blocked through individual action, among other solutions. 

“This report of findings from a network penetration test of a health care organization conducted by CISA provides useful guidance which may be applicable to other health care organizations,” said John Riggi, AHA national advisor for cybersecurity and risk. “In particular, the recommendations outlined in Table 6 of the document may help organizations identify and mitigate key sources of cyber risk. CISA has become very pro-active in helping organizations share best practices in mitigating cyber risk and conducts free risk and vulnerability assessments.” 
 
For more information on cyber and risk issues contact Riggi at jriggi@aha.org. For the latest cyber and risk information and resources visit www.aha.org/cybersecurity.

Related News Articles

Headline
HHS issues cyber alert on critical vulnerability in ‘MOVEit,’ file transfer platform
The Department of Health and Human Services Health Sector Cybersecurity Coordination Center June 27 issued an alert about a critical vulnerability in MOVEit, a…
Headline
Agencies issue joint report on memory safety vulnerabilities in open source projects
A joint report released June 26 by the Cybersecurity and Infrastructure Security Agency, FBI, the Australian Cyber Security Centre and Canadian Centre for…
Headline
Bulletin alerts health sector to cyberthreat exploits on TeamViewer
The Health Information Sharing and Analysis Center June 27 issued a threat bulletin alerting the health sector to active cyberthreats exploiting TeamViewer. H-…
Headline
FBI, HHS issue advisory on cyberthreat actors targeting health care to divert payments
The FBI and Department of Health and Human Services June 24 released an advisory about cyberthreat actors targeting health care organizations in attempts to…
Headline
HHS alerts health sector to cyberthreat from Qilin ransomware group 
The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) this week released an advisory about Qilin, formerly "Agenda…
Headline
Change Healthcare begins notifying customers with compromised patient data following cyberattack 
Change Healthcare June 20 began notifying health care providers and other customers with patient data stolen following February’s cyberattack, the company…