Cyber Security

NYSDOH Advisory: Cyber Awareness Guidance for Providers (June2017)
NCCIC Incident Report: Intrusions Affecting Multiple Victims across Multiple Sectors (Apr2017)

HHS Cyber Resources

•  Voluntary Cybersecurity Practices for Health Industry  (HHS 2019)

  Summary:This Reference Document is a collaboration of the U.S. Department of Health & Human Services (HHS) along with its industry partners.  Found within are details of how cybersecurity affects the healthcare industry.  It includes a set of voluntary, consensus-based principles and practices to improve cybersecurity in the health sector. Contained within this report are 5 well known cybersecurity threats that target the healthcare industry.  This document provides a basic description of the threat, gives a real-world scenario of how the threat can occur, its impact, and some quick tips when encountered.  In addition each threat lists the vulnerabilities of each, impact, and practices to consider.

• CMS Recommendations to Providers Regarding Cyber Security
• Healthcare Emergency Preparedness Information Gateway

FDA Resources

• General guidance on Cybersecurity
• Post Market Management of Cybersecurity in Medical Devices
• FDA Fact Sheet

Other Resources

• Report on Improving Cybersecurity in the Healthcare Industry (June 2017)
• Digital Footprint - Assessing Risk and Impact
• Cyber Security Courses

Wannacry

• US HHS notice on WannaCry: provides mitigating steps, what to do if you are a victim, and pointers to other useful resources including the FDA 24/7 hotline (06/02/17)
• US DHS alert on Indicators of Compromise for WannaCry: regularly updated, this contains a list of vendors with embedded Windows systems that have customer guidance about WannaCry, as well as links to other resources from DHS, Microsoft, and the FDA