Department of Health & Human Services
Cybersecurity Practices for Small Healthcare Organizations – 2023 edition that outlines key healthcare cybersecurity practices for small healthcare organizations, as well as resources for managed IT services and vendor selection. It covers topics such as email protection, access management, data protection, and incident response.
Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients – The 2023 edition is an expanded document that offers a broader scope and additional insights.
Healthcare Sector Cybersecurity: Introduction to the Strategy of the U.S. Department of Health and Human Services – outlines HHS activities focused on hospitals and health systems and identifies the various organizations within HHS focused on these issues.
HHS Office of Civil Rights (OCR)
Cyber Security Guidance Material – Educational materials about HIPAA-related cybersecurity requirements.
Security Risk Assessment Tool – A resource for medium and small providers developed by OCR and the Office of the National Coordinator for Health Information Technology.
Safety Assurance Factors for EHR Resilience (SAFER) Guides – Offers additional information to help healthcare organizations conduct self-assessments.
National Rural Health Resource Center
Cybersecurity Toolkit for Rural Hospitals and Clinics – provides a step-by-step guide covering cybersecurity awareness, assessment, implementation and remediation, and education.
Microsoft Cybersecurity Program for Rural Hospitals – A collaboration of Microsoft, The White House, the American Hospital Association, and the National Rural Health Association, offers rural hospitals access to Microsoft security solutions, resources, and training at no cost.
Google's rural healthcare cybersecurity initiative – Google's rural healthcare cybersecurity initiative aims to bolster rural health systems' resilience to cyberattacks by offering tailored solutions, often at low or no cost. In partnership with government and industry, Google provides tools for access, consulting, and security training, along with implementation support for eligible facilities.
Health Sector Cybersecurity Coordination Center
Prepare, React, and Recover from Ransomware – outlines the actions that medical practitioners, IT professionals, and emergency managers should take to prepare, react to an attack, and recover.
Cybersecurity and Infrastructure Security Agency
Stop Ransomware – Information and tools to learn about, protect from, and respond to ransomware attacks.
Cybersecurity Alerts and Advisories
Vulnerability Summary bulletins – highlights current and emerging concerns.
Incident Response Training – Information covering basic cybersecurity awareness and best practices.
American Hospital Association
Cybersecurity & Risk Advisory section – offers rural hospital resources.
What's Your Cyber Risk Profile? 12 Considerations for CEOs – 12 considerations CEO’s can use to start conversations across their organization.
White House
National Cybersecurity Strategy – March 2023, identifies a broad set of objectives for addressing the risks related to cybersecurity across all industries, including healthcare.