November 13, 2024 | Keavy Murphy


Leveraging Cybersecurity and Infrastructure Security Agency Resources to Keep Your Practice Safe

Keavy Murphy, Vice President, Information Security

How to Use the Free US Government Agency Offerings to Secure Patients and Provide Reliable Care

Security is at the top of healthcare companies’ minds right now, though technology and tools to secure environments are costly. How do you reduce your cybersecurity risk as a healthcare provider, without negatively impacting the bottom line or delaying patient care?

A solid approach is to utilize the resources published and maintained by the Cybersecurity and Infrastructure Security Agency (CISA). While there is no substitute for a security tech stack, CISA is a great security enabler – especially for small and medium-sized healthcare providers. Leveraging their robust resources is a solid way to reduce security risk in your business.

Approachability: Not Just a Resource for Security Experts

Not all healthcare practices or physician offices have fully staffed security departments. When the focus is 100% on delivering proper patient care, building defensive security teams is not typically a top priority. As a result, providers need easy-to-follow, understandable, and accessible security resources that will allow them to reduce cyber risk while not incurring additional costs or adding more work to their already heavy workloads. This is where CISA is a valuable resource.

This government outlet writes its documentation, whitepapers, and data reports for an audience that isn’t just security professionals. The creators of CISA and those who maintain the content are writing for individuals who may not have classic security training and may not be wholly focused on risk in their day-to-day roles.

As a result, the resources are written in plain English, are easy to consume, and contain information that staff at private practices, outpatient therapy locations, or skilled nursing facilities could easily understand.

Incident Response: Help in a Time of Need

If your office or practice experiences a critical security incident, data breach, or ransomware event, you might consider CISA among your first phone calls.

Malware gangs and threat actors are already well-known to the US government, and CISA can provide rapid triage. Reaching out to CISA immediately may allow you to get help (in the form of encryption keys, threat analysis, etc.). In addition, in many cases, this government agency has seen these threat actors before, and contacting CISA can quickly help the government track the malware gangs’ impact across US businesses.

Organizations can report anomalous cyber activity and/or cyber incidents 24/7 to report@cisa.gov or 1-844-Say-CISA.

Up-to-Date Information and Timely News

CISA promotes a culture of information sharing for healthcare businesses of all sizes. In the spirit of this collaboration, they send daily updates on threats, which you can use to decide where to focus resources to reduce your cyber risk. CISA distributes newsletters that outline the most pressing critical threats impacting organizations in the healthcare sector – these are often the first communications sent about a severe incident, breach, or security event. Hence, these newsletters and email digests are one of the best ways to get up-to-date information on something that could negatively impact your business.

Suppose a vendor you use or your client experiences a severe attack or breach. They may be too busy to send individual communications informing you of the security event. Their systems may also be down, meaning they cannot contact you directly. In these cases, you can look to CISA’s cybersecurity advisories for mass communications that outline what happened to your vendor or client.

Simple Best Practices: Implement Them with Ease

Pervasive cyber threats change every day: nation-state actors, threat groups, and individual cybercriminals regularly modify their approaches to exploitation. However, the security controls and best practices for keeping your healthcare business safe remain the same.

The top three controls include:

  • Informing staff not to click phishing emails
  • Not sharing passwords among users
  • Updating your laptop/phone regularly to keep it free of software vulnerabilities

These best practices are not heavy lifts and can be done quickly by healthcare practice employees. CISA provides easy-to-follow resources and white papers that outline these security controls and can be shared within your office or facility.

Healthcare providers have significant workloads and limited resources. Fortunately, security risk can be reduced in a way that does not add more strain to those working in these facilities. CISA is considered an information-sharing and analysis center (ISAC), with documentation and whitepapers that have already been developed for you to use. There’s no need to reinvent the wheel – your office can leverage CISA’s documented best practices to help combat pervasive cyber threats at no cost. These approachable written resources, combined with their incident response support, can help keep your healthcare business safe.
