Cybersecurity: A Top Patient Safety Issue
Cybersecurity is the practice of protecting systems, networks, devices, data and programs from unauthorized access or criminal use. Below are resources that include safety measures that you can take to protect yourself from a cyberattack, which also protects your patients:
- The Cybersecurity Guidance Material web page offers educational materials specifically designed to give HIPAA covered entities and business associates insight into how to respond to a cyber-related security incidents.
- Working from home? The American Medical Association (AMA) offers a resource to help keep your work environment safe from cyber threats that could disrupt your practice or negatively impact your patients’ safety.
- As viruses, malware and hackers pose a threat to patients and physician practices, the AMA has curated numerous resources and tips for physicians and healthcare staff to protect patient health records and other data from cyberattacks. Check out the AMA’s comprehensive Physician Cybersecurity web page!
- The U.S. Department of Health and Human Services (HHS)’s Cybersecurity Framework Implementation Guide is geared to help the public and private healthcare sectors prevent cybersecurity incidents. The guide provides specific steps that healthcare organizations can immediately take to manage cyber risks to their IT systems. Assistance for small healthcare organizations is also available.
- The Cybersecurity for the Clinician Video Training Series is offered by the Healthcare Sector Coordinating Council (HSCC) and includes eight videos explaining in easy, non-technical language what clinicians and medical students need to understand about how cyberattacks can affect clinical operations and patient safety, and what you can do to help keep healthcare data, systems and patients safe from cyber threats.
- The HHS and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have created resources and guides to help medical practices and other small business protect against ransomware and phishing:
- HHS announces Next Steps in Ongoing Work to Enhance Cybersecurity for Healthcare and Public Health Sectors, which highlights planned steps to improve cyber resiliency and protect patient safety.
- HHS’ cybersecurity advisory group’s newsletter, called The 405(d) Post, highlights several healthcare cyber articles. What is 405(d)? The 405(d) Program provides organizations across the nation with resources and recommended steps to prepare their organization for cyber threats and strategies to mitigate cybersecurity threats.
- The Health Sector Cybersecurity Coordination Center (HC3) was created by HHS to aid in the protection of vital healthcare-related information and to ensure that cybersecurity information sharing is coordinated across healthcare and public health.
- Access HC3 Products, which are available to the general public online at no cost!
- The HC3 website is designed to help physicians and their medical practices become better informed about potential cyber threats.
- As rapid, effective cyber incident detection, response and prevention is a critical facet of ensuring our national security, the Cybersecurity & Infrastructure Security Agency (CISA) offers the Incident Detection, Response and Prevention web page.
- Strengthen your cybersecurity webpage offers education about cybersecurity threats and how you can protect yourself.
If you have questions, please contact the ISMS Health Policy Research and Advocacy team by email.