CISA Issues Advisory on Risks Health Care Sector Faced in 2023

The Cybersecurity and Infrastructure Security Agency has issued a cybersecurity advisory highlighting risks and vulnerabilities that faced the health care and public health sector in early 2023.

According to the CSA, HPH organizations were open to vulnerabilities that could compromise data confidentiality, integrity and availability. CISA offered several recommendations to HPH and critical infrastructure organizations addressing 16 specific cybersecurity weaknesses.

The CSA also includes mitigation strategies for asset management and security; identity management and device security; and vulnerability, patch and configuration management, CISA said.

The advisory was published after the Department of Health and Human Services released a concept paper for a health care sector cybersecurity strategy. The concept paper calls for voluntary cybersecurity performance goals reporting, the creation of a department-wide strategy for enhanced cyber strategy enforcement and accountability and the expansion of the Administration for Strategic Preparedness and Response’s role in promoting health care cybersecurity.

CISA and the HHS also released a new toolkit in October to help the HPH sector fend off cyberthreats. The Cybersecurity Toolkit for Healthcare and Public Health includes several resources to help users identify and protect against known vulnerabilities and develop cybersecurity practices.