Resource Search Results

Health Center Safety and Man-Made Threats Resource Packet: Targeted Resources on Health Center Security, Population-Specific Safety Topics, and Cybersecurity (2024). Resource Type: Publication. Description: This BPHCurates packet provides resources describing mitigation, preparedness, response, and recovery strategies for navigating man-made threats directed towards health centers, their staff, and patients. The man-made threats included in this packet are specifically related to health center security, population-specific safety concerns, and cybersecurity. More Details...

Cyber Insurance & HIPAA Breaches Tip Sheet (2024). Resource Type: Publication. Description: This Tip Sheet specifically addresses how cyber insurance coverage can support health centers in meeting their obligations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to respond to security incidents and to report breaches. More Details...

Improving Health Center Cybersecurity: Risk Assessment, Breach Defense, Mitigation and Response - Session 4: Virtual Learning Collaborative (2023). Resource Type: Archived Webinar. Description: It\'s time to reconsider your strategy if you still treat cyber risk as an annual project or initiative. Having a thorough ongoing program in place means that even in the worst-case scenario, you\'ll be ready to demonstrate that you did what was reasonable and appropriate to protect your systems and patient data. Nothing can guarantee that a cyberattack won\'t become a breach. Health Centers are a domain with a high potential for data breaches, and the risk continues to grow as health centers use new tools and the introduction of artificial intelligence (AI). As a result, it is crucial for health center leadership to adopt breach prevention strategies across their entire organization, as opposed to relegating it to the IT department. To support health centers in their cybersecurity strategy and implementation, the HITEQ Center is offering a free learning collaborative -- Improving Health Center Cybersecurity: Risk Assessment, Breach Defense, Mitigation, and Response. This learning collaborative will involve four structured virtual learning sessions. During the series participants engaged with subject matter experts and their colleagues in peer-to-peer learning and discussion. Topics included: health center breach mitigation tactics, operationalizing cybersecurity to better mitigate risks, cybersecurity implications of generative artificial intelligence in health centers, and incident response planning from a cybersecurity perspective. More Details...

HITEQ Highlights: Enabling a Cyber-Resilient Health Center: HITEQ Highlights Webinar (2023). Resource Type: Archived Webinar. Description: This HITEQ Highlight aimed to strengthen Health Centers\' capacity to build their cyber-resiliency. We covered risk management tools, methods for guarding against cybersecurity assaults, operationalizing cybersecurity to mitigate risks, and breach mitigation tactics. Participants focus on safeguarding data across the entire enterprise and examined approaches to implementing cybersecurity infrastructure through risk management frameworks and strategic risk assessment. More Details...

Cybersecurity: Ask Me Anything: HITEQ Highlights Webinar (2023). Resource Type: Archived Webinar. Description: This session sought to motivate and educate Health Center staff and leadership on current critical cybersecurity threats, concepts, and methods for the defense of health data. A panel of cybersecurity experts addressed questions on how to best protect the health center from both internal and external network leaks, through malware such as ransomware, and through physical means on-site. More Details...

Promoting Cybersecurity Awareness for Patients: Protecting yourself when using patient portals, health apps, and online medical devices, June 2023. (2023). Resource Type: Archived Webinar. Description: This training guide provides patients with knowledge and awareness about cybersecurity threats to protect their personal health data and to minimize risks from computer viruses and malware. More Details...

A Guide to Essential Cybersecurity Tasks for Health Centers: For health centers with limited resources, developed in June 2023 (2023). Resource Type: Toolkit. Description: In an increasingly connected healthcare landscape, health centers face a dual challenge: the rising tide of cyber threats and the need to comply with stringent data protection regulations, all while managing limited resources. The ever-evolving nature of cyberattacks and the complexity of compliance requirements make it essential for health centers to prioritize cybersecurity tasks effectively. More Details...

Health IT and Cybersecurity Positions and Salaries: Descriptions and Ranges (2023). Resource Type: Field-Generated Publication. * Description: Below is a list of job descriptions that can be used to help describe various health information technology, as well as cybersecurity, employment options. A variety of health information and technology positions are represented. This information is intended to assist health centers in understanding the many different domains of the profession as well as possible job descriptions that could be useful when drafting duties or during recruitment. This information was compiled in early 2022. More Details...

Considerations for Sustaining a Culture of Cybersecurity: Part II: Cybersecurity Risk and Preparation (2022). Resource Type: Archived Webinar. Description: With the rise in cyberattacks of government agencies and large-scale companies, organizations large and small are questioning if they are doing all they should to protect their data. More Details...

Considerations for Sustaining a Culture of Cybersecurity: Part I: Understanding the Essentials (2022). Resource Type: Archived Webinar. Description: With the rise in cyberattacks of government agencies and large-scale companies, organizations large and small are questioning if they are doing all they should to protect their data. More Details...

Strategic Cybersecurity Investments: Leveraging American Rescue Plan Funding to Enhance Infrastructure and Services: HITEQ Highlights webinar (2021). Resource Type: Archived Webinar. Description: Healthcare continues to be the sector most targeted globally by ransomware and related malware attacks and leads in the average total cost of data breach across industries. The FY 2021 American Rescue Plan Funding provides an excellent opportunity for Health Centers to make strategic investments in cybersecurity infrastructure and services. This HITEQ Highlight, presented by Adam Kehler of Online Business Systems provides an overview of assets that can increase Health Center cybersecurity. Topics covered include cybersecurity infrastructure and services that can increase defense-in-depth for health IT, including EHRs, telehealth tools and services, mobile medical devices, patient portals, and related health information software applications. More Details...

Cybersecurity Checklist for Health Center Staff Working Remotely (2020). Resource Type: Publication. Description: This PDF checklist, developed by HITEQ, provides a guide for health center staff to mitigate cybersecurity risks and threats during times of emergency and incident response that have them working remotely from the health center. More Details...

HITEQ Highlights: Health Center Defense Against the Dark Web: Strategies for Building Security Awareness, Education, and Compliance in 2020 (2020). Resource Type: Archived Webinar. Description: This HITEQ Center webinar explored key concepts and best practices that should be followed by Health Centers seeking to develop Defense in Depth and effectively implement hardened security programs at their sites. There are ever-increasing cybersecurity guidelines and protection measures that Health Centers must navigate and digest. This webinar sought to motivate and educate the health center workforce on critical privacy and security concepts and methods for defense. Aspects of Security Risk Assessment, security awareness training, and breach protection were covered with an emphasis on health center-wide information protection. More Details...

Cyber Security Risks — COVID-19: Best Practices for Health Center Staff Working Remotely (2020). Resource Type: Publication. Description: The number of COVID-19 cases continue to increase throughout the United States, requiring more and more of our health systems to rely on employees working from home at times. While some of us are required to "shelter-in-place," unfortunately that shelter can create increased risks such as cyber security breaches. With good planning, policies, and employee and family education, health centers can minimize risk and support their employees while working remotely. This presentation will inform your Health Center remote workers on best practices for increasing cybersecurity at home. More Details...

Strategic Cybersecurity Breach Protection and Incident Response: Guidance and Resources for Health Centers (2019). Resource Type: Other. Description: This is Part 2 of HITEQ's Health Center Defense Against the Dark Web presentation series. This presentation provides general knowledge about breach mitigation and planning strategies for incident response. More Details...

Health Center Defense Against the Dark Web Presentation: Strategies for Building Security Awareness, Education and Compliance (2019). Resource Type: Other. Description: This cybersecurity presentation explores key concepts and best practices that should be followed by Health Centers seeking to develop Defense in Depth and effectively implement hardened security programs at their sites. Part 1 of this series will seek to motivate and educate the health center workforce on critical privacy and security concepts and methods for defense. Aspects of Security Risk Assessment, security awareness training, and breach protection will be covered with an emphasis on health center-wide information protection. More Details...

Health Center Security & Compliance System Implementation Guide: 1/1/2019 (2019). Resource Type: Publication. Description: This toolkit provides a framework for Health Centers to evaluate compliance and security concerns as they purchase, adopt, and implement technology solutions. There are ever-increasing cybersecurity guidelines and protection measures that Health Centers must navigate and digest. Newer and rurally located Health Centers can especially benefit from guidance and decision support that assists them in determining how to implement systems in a manner that meets compliance requirements and doesn’t expose information to undue security risk. Identifying and managing these types of risk can be especially important when procuring new Health IT e.g. EHRs, Medical Devices, Data Warehouses for the Health Center. This toolkit provides a framework for Health Centers to evaluate compliance and security concerns as they purchase, adopt, and implement technology solutions. Every time a Health Center adopts and implements newly procured technology, they could be exposing themselves to compliance gaps and security risks. Often these topics are addressed after the solution is implemented and are an after-thought. Unfortunately, the later in the adoption process that security is considered, the costlier it becomes to address as it may require redesign or reconfiguration of software, systems, and processes. Especially important for covered entities, like Health Centers, is for this process to meet the regulations outlined within HIPAA. Throughout this document, the related HIPAA requirements are highlighted within each section so as to better understand where this process sits within broader security risk assessment SRA practices. In the Appendix of this guide is an EHR/Health IT Systems checklist that can be used as an implementation interview guide when procuring new resources. This guide can help organizations identify security concerns and design the appropriate solution starting at the design and vendor-selection phase, thereby increasing the likelihood that security will be considered fully throughout the implementation process. Download the full toolkit below, which includes the following sections: System overview Information classification and inventory Business Associate Agreements and Contracts Risk Analysis Identity management Encryption Auditing and logging Contingency planning Workstation requirements Patching Security testing Vendor and developer access Physical security Network segmentation More Details...

Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (2019). Resource Type: Publication. Description: Cyber threats to healthcare entities put patient health, business continuity, and IT systems at risk. Under the auspices of the Cybersecurity Act of 2015 (CSA), Section 405(d), HHS convened the CSA 405(d) Task Group to enhance cybersecurity and align industry approaches by developing a common set of voluntary, consensus-based, and industry-led guidelines, practices, methodologies, procedures, and processes that healthcare organizations can use to enhance cybersecurity. More Details...

Creating and Managing Strong Passwords at Your Health Center: Guidance in relation to updated NIST security requirements and HIPAA (2018). Resource Type: Publication. Description: Is it acceptable/recommended for health centers to adopt the new password policy guidelines under NIST Special Publication 800-63B and will that still uphold the HIPAA security rule? This question had been posed to the HITEQ Center asking whether we had any guidance or recommendations on implementing the new NIST Guidelines regarding password security.  New Digital Identity Guidelines under NIST Special Publication 800-63-B presents new guidelines regarding password security that are much more user-friendly and consequently more likely to be observed by health center staff since constantly changing, complex password on multiple systems can be a source of frustration for the end user.  Question: Is it acceptable/recommended for health centers to adopt the new password policy guidelines under NIST Special Publication 800-63B and will that still uphold the HIPAA security rule? This question had been posed to the HITEQ Center asking whether we had any guidance or recommendations on implementing the new NIST Guidelines regarding password security.  New Digital Identity Guidelines under NIST Special Publication 800-63-B presents new guidelines regarding password security that are much more user-friendly and consequently more likely to be observed by health center staff since constantly changing, complex password on multiple systems can be a source of frustration for the end user.  After consulting with HITEQ cybersecurity experts and consultants who have helped publish cybersecurity guidelines, the recommendations outlined below were communicated. Answer: The short answer is Yes. HIPAA is not prescriptive and takes the general stance that authentication mechanisms should be “reasonable and appropriate” for the risk they present. Being able to say that you are implementing NIST Standards is a good way to show that you are implementing “reasonable and appropriate” controls. Some standards are relaxed in regards to password change and complexity, those items shouldn’t be taken in isolation. The additional controls in the 800-63 recommendations should also be put in place and can include: Having users check passwords against password lists from breaches e.g., https://haveibeenpwned.com/Passwords  Increasing the length requirements Getting rid of password reminder questions Increasing usability Further Guidance from NCCIC/US-CERT: NCCIC/US-CERT reminds users of the importance of creating and managing strong passwords. Passwords are often the only barrier between you and your personal information. There are several programs attackers can use to help guess or "crack" passwords. However, choosing strong passwords and keeping them confidential can make it more difficult for others to access your information. NCCIC/US-CERT recommends users take the following actions: Use multi-factor authentication when available. Use different passwords on different systems and accounts. Don't use passwords that are based on personal information that can be easily accessed or guessed. Use the longest password or passphrase permissible by each password system. Don't use words that can be found in any dictionary of any language. Refer to Tips on Choosing and Protecting Passwords and Supplementing Passwords for best practices and additional information. More Details...