If you are in the health care industry, you might be aware of the voluntary cybersecurity guidance issued by the Department of Health and Human Services (HHS) for the health care industry. This guidance is aptly titled “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” (aka HICP), since “protecting patients and their data” depends directly on the organization’s ability to manage threats.

The letter from the HHS Deputy Secretary included in the report explicitly mentions that cyber attacks are especially concerning for the health sector, since these attacks can directly threaten not just the security of the systems but also the health and safety of American patients. The report’s “Executive Summary” states the following:

“Given the increasingly sophisticated and widespread nature of cyber-attacks, the health care industry must make cybersecurity a priority and make the investments needed to protect its patients.”

The complete publication comprises the following:

The main document covers 5 threats as mentioned below:

The technical volumes detail 10 practices to mitigate these threats, as below:

Some interesting facts mentioned in the report:

The report does an excellent job of explaining the difference between a threat and a vulnerability by providing a healthcare analogy. For each of the 5 threats covered in the report, the details are modeled using the “Vulnerability → Threat → Practice” model.

Here is a snippet from the report explaining the “Vulnerability → Threat → Practice” model using “Influenza” as a threat:

Let us consider the “Ransomware attack” threat to better understand the model. One of the “vulnerabilities” that could lead to a “ransomware attack” is “Unpatched software”, and the recommended practice is “Patch software according to authorized procedures (7.S.A)”. In case you are wondering what “(7.S.A)” is, it is an index into the 10 cybersecurity practices advocated in the Technical Volumes accompanying the report.

The seventh practice in the Technical Volume is “Vulnerability Management”. Here is a snippet of what the “Vulnerability Management” practice means for small, medium and large organizations:

Small healthcare organization

Medium healthcare organization

Large healthcare organization

ThreatWatch provides effective and superior vulnerability management capabilities which can be leveraged by healthcare organizations to improve their security posture to defend against cyber-attacks. ThreatWatch collects vulnerability intel from numerous sources and performs impact analysis on organization assets to help improve their security posture. ThreatWatch is differentiated from traditional vendors like Rapid7, Tenable, etc. in that we offer:

  1. Machine-curated vulnerability intel coupled with zero-touch, non-intrusive impact assessment done in near real-time to help reduce the window of compromise and improve security posture.
  2. A proactive rather than reactive model for security, with no need for periodic scheduled scans.

To learn more about our Vulnerability Management as a Managed Service (VMMS), please contact us at: info@threatwatch.io