CISA Releases New COVID-19 Resources to Secure Business
and Clinical IT for Healthcare Delivery Organizations

 

The Cybersecurity and Infrastructure Security Agency (CISA) has released three new COVID-19 resources to help Healthcare Delivery Organizations secure their business and clinical IT systems from malicious cyber threats.

COVID-19 Checklist: Securing Your Business and Clinical IT
CISA has created a cybersecurity checklist to assist healthcare delivery organization in mitigating vulnerabilities and protecting against malicious actors. Hospitals and healthcare facilities are facing cyber-attacks of varied sophistication, including criminal networks and nation states. Implementing these protocols, and instilling a culture of digital vigilance, will allow HDOs to focus on COVID vaccine and overall patient care priorities instead of the consequences of a cyber-incident.

Domain-Based Message Authentication, Reporting and Conformance (DMARC)
The DMARC product was created to call attention to an email authentication policy that protects against bad actors using fake email addresses disguised to look like legitimate emails from trusted sources. DMARC makes it easier for email senders and receivers to determine whether or not an email legitimately originated from the identified sender. Further, DMARC provides the user with instructions for handling the email if it is fraudulent.

Multi-factor authentication (MFA)
Multi-factor authentication is a layered approach to securing data and applications where a system requires a user to present a combination of two or more credentials to verify a user’s identity for login. MFA increases security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the targeted physical space, computing device, network, or database.

Ideally, these CISA products are intended to assist healthcare delivery organizations to focus on COVID vaccine and overall patient care priorities instead of the consequences of a cyber-incident.

For questions regarding these products, please visit the CISA COVID-19 Resource Page or contact us at [email protected].