Best Practices

Exploring the Health Industry Cybersecurity Practices (HICP) Publication, How to Use It

February 27, 2024 - The “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” publication, known as “HICP” for short, is the product of healthcare industry leaders and government representatives coming together to tackle mounting healthcare cybersecurity threats. First published in January 2019 and updated in 2023, HICP is a four-volume publication...

Read More


More Articles

How the HSCC is Bridging the Gap Between Cyber Haves and Have-Nots

by Jill McKeon

Cybersecurity remains a key challenge for the healthcare sector, an industry inundated with ransomware, phishing attacks, third-party risk management struggles, and security staffing shortages. These obstacles are consistent across the...

How Northwell Health Runs Its Cybersecurity Training and Awareness Program

by Jill McKeon

When it comes to cybersecurity, costly technology and high-end tools can only get organizations so far. Implementing a robust and dynamic cybersecurity training and awareness program is crucial to reducing risk and establishing a culture...

Top Free Resources For Improving Healthcare Cybersecurity

by Jill McKeon

The healthcare sector continues to face unprecedented levels of cyberattacks and data breaches. From state-sponsored threat actors to known vulnerabilities and phishing campaigns, the industry is up against a variety of dynamic...

3 Ways to Avoid Repeat Healthcare Ransomware Attacks

by Jill McKeon

Healthcare ransomware attacks can result in EHR downtime, data encryption, ambulance diversions, and other disruptions. With patient safety on the line, it is imperative that healthcare organizations work quickly to get systems up and...

CISA, FBI, MS-ISAC Provide Guidelines For DDoS Incident Response

by Sarai Rodriguez

The Cybersecurity and Infrastructure Security Agency (CISA), alongside the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), released a joint...

Exploring Security, Privacy Team Roles in Healthcare Cyber Incident Response

by Jill McKeon

Effective healthcare cyber incident response and preparedness require strong collaboration between security and privacy teams. Privacy and security experts can leverage one another’s expertise to effectively reduce risk and champion...

Key Ways to Manage the Legal Risks of a Healthcare Data Breach

by Jill McKeon

Healthcare data breaches can result in data theft, reputational and financial losses, and most importantly, patient safety risks. But breaches also come with significant legal implications. Data shows that impacted patients’ lawyers...

White House Highlights Cybersecurity Awareness Month

by Jill McKeon

President Biden designated October as Cybersecurity Awareness Month and encouraged the public and private sectors to take immediate action to protect against cyber threats in a White House press...

How Rural Hospitals Can Tackle Healthcare Cybersecurity Risks

by Jill McKeon

Ransomware, phishing, and breaches are all top-of-mind concerns for healthcare cybersecurity leaders, regardless of organization size or location. But for small, rural hospitals, managing cyber risk can be an even more intimidating...

Assessing the Risk of Poorly Configured, Internet-Exposed Protocols

by Jill McKeon

In the Cybersecurity and Infrastructure Security Agency’s (CISA) “Shields Up” notice following Russia’s invasion of Ukraine, the agency recommended that organizations go back to...

How to Identify, Address Insider Threats in Healthcare

by Jill McKeon

Malicious hackers ascending from the depths of the dark web, state-sponsored ransomware groups, and targeted phishing scams may come to mind when thinking of potential healthcare cybersecurity threats. But insider threats, whether borne...

Breaking Down the NIST Cybersecurity Framework, How It Applies to Healthcare

by Jill McKeon

If implemented carefully, the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) can help healthcare organizations bolster their cybersecurity programs and further safeguard patient data and critical...

HHS Provides Tips For Strengthening Cyber Posture in Healthcare

by Jill McKeon

The HHS Health Sector Cybersecurity Coordination Center (HC3) issued a brief with tips for strengthening cyber posture in healthcare. HC3 defined cyber posture as “the overall strength of an...

Common Types of Social Engineering, Phishing Attacks in Healthcare

by Jill McKeon

Social engineering attacks remain some of the most efficient and effective ways for threat actors to exploit victims and gain network access, and the healthcare sector is no exception. Baiting, tailgating, and pretexting are all popular...

Best Practices For Password Security, Cyber Hygiene

by Jill McKeon

The first Thursday of every May is known as World Password Day, a day in which organizations and individuals are encouraged to brush up on their cyber hygiene and password security measures. Weak...

Exploring Challenges, Benefits of Cyber Insurance in Healthcare

by Jill McKeon

As the healthcare sector remains a key target for data breaches, more organizations are turning to cyber insurance to minimize the damaging effects of a breach. Healthcare data breaches impacted more than 40 million individuals in 2021...

HSCC Creates Operational Continuity Checklist For Navigating Cyberattacks

by Jill McKeon

The Healthcare and Public Health Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) released a checklist to help healthcare staff and executives preserve operational continuity while...

Log4j, ProxyShell Among Top Exploited Vulnerabilities Last Year

by Jill McKeon

ProxyShell, Log4Shell, and ProxyLogon were among the top 15 routinely exploited vulnerabilities in 2021, the Cybersecurity and Infrastructure Security Agency (CISA) revealed. CISA released a joint...

Managing Risk of Insider Threats in Healthcare Cybersecurity

by Jill McKeon

HHS’ Health Sector Cybersecurity Coordination Center (HC3) issued a brief outlining risk factors and mitigation tactics for managing insider threats in healthcare cybersecurity. From malicious...

Recent Articles