HC3 Threat Brief TLP White: Healthcare Information Security Assessment and Auditing, May 28, 2020

  • The COVID-19 pandemic has necessitated an increase in information collection and sharing among providers, patients, hospitals, vendors and other organizations. In turn, that has heralded an uptick in "malicious cyber campaigns" that attack healthcare facilities, according to U.S. and U.K. law enforcement agencies.
  • Security Assessments in Care Settings are intended to protect and secure health information (electronic protected health information or ePHI), from a wide range of threats, whether in emergency situations or during a system failure that constitutes a risk compromising the confidentiality, integrity, and availability of ePHI.
  • During an IT audit, expert auditors evaluate your internal and external network to find out where attackers could gain access. When auditing the IT systems of a healthcare organization, auditors will also ensure that all data is being stored, and internal governance follows compliance needs associated with HIPAA, as well as any other standards that are applicable in your situation.

Key Resources

Related Resources

Guides/Reports
HC3 TLP Clear: Privileged User Compromise
Public
Special Bulletin
Red Cross, America’s Blood Centers, AABB Say U.S. Faces Critical Blood and Platelet Shortages
Public
Advancing Health Podcast
Going International: The FBI's Global Fight Against Cybercrime
Public
Advisory
American Hospital Association and Health-ISAC Joint Threat Bulletin - TLP White
Public
Advisory
Hospitals in Florida, Other States Impacted by Effects of Cyberattack on Blood-donation Nonprofit OneBlood
Member
Guides/Reports
CLEAR Crisis Leadership Tip Sheets