Securing Operational Technology in Healthcare: A New Guide
Generado por agente de IAIndustry Express
viernes, 17 de enero de 2025, 3:46 pm ET1 min de lectura
The healthcare industry is facing an increasing threat from cyberattacks, with operational technology (OT) systems being a prime target. To address this growing concern, a joint publication by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), FBI, Environmental Protection Agency (EPA), Transportation Security Administration (TSA), and international agencies has been released. The guide, titled "Considerations for Securing Operational Technology in Healthcare and Public Health Sector," provides essential considerations for organizations to select and secure OT products.
The guide emphasizes the importance of prioritizing security elements when selecting OT products, such as configuration management, logging in the baseline product, open standards, ownership, and protection of data. Scott Gee, AHA deputy national advisor for cybersecurity and risk, highlighted the significance of these standards, stating, "Keeping these devices secure and operational is critical to the delivery of high-quality patient care. When making purchasing decisions for new technology, hospitals should demand these security standards be part of the product."
Legacy technology also poses a challenge, as updating these systems to meet modern security standards may not always be feasible. In such cases, it is crucial to understand the vulnerabilities in these systems and implement segmentation and monitoring strategies to mitigate risks. Gee also stressed the importance of maintaining business and clinical continuity plans to compensate for a loss of OT for extended periods, such as 30 days or longer.
The guide serves as a reminder for healthcare organizations to assess the clinical and business impact of OT disruptions and implement robust security measures to protect their critical infrastructure. By adhering to these recommendations, healthcare providers can enhance their cybersecurity posture and ensure the delivery of high-quality patient care.
For more information on this or other cyber and risk issues, contact Scott Gee at sgee@aha.org. To access the latest cyber and risk resources and threat intelligence, visit the AHA website.
The guide emphasizes the importance of prioritizing security elements when selecting OT products, such as configuration management, logging in the baseline product, open standards, ownership, and protection of data. Scott Gee, AHA deputy national advisor for cybersecurity and risk, highlighted the significance of these standards, stating, "Keeping these devices secure and operational is critical to the delivery of high-quality patient care. When making purchasing decisions for new technology, hospitals should demand these security standards be part of the product."
Legacy technology also poses a challenge, as updating these systems to meet modern security standards may not always be feasible. In such cases, it is crucial to understand the vulnerabilities in these systems and implement segmentation and monitoring strategies to mitigate risks. Gee also stressed the importance of maintaining business and clinical continuity plans to compensate for a loss of OT for extended periods, such as 30 days or longer.
The guide serves as a reminder for healthcare organizations to assess the clinical and business impact of OT disruptions and implement robust security measures to protect their critical infrastructure. By adhering to these recommendations, healthcare providers can enhance their cybersecurity posture and ensure the delivery of high-quality patient care.
For more information on this or other cyber and risk issues, contact Scott Gee at sgee@aha.org. To access the latest cyber and risk resources and threat intelligence, visit the AHA website.
Divulgación editorial y transparencia de la IA: Ainvest News utiliza tecnología avanzada de Modelos de Lenguaje Largo (LLM) para sintetizar y analizar datos de mercado en tiempo real. Para garantizar los más altos estándares de integridad, cada artículo se somete a un riguroso proceso de verificación con participación humana.
Mientras la IA asiste en el procesamiento de datos y la redacción inicial, un miembro editorial profesional de Ainvest revisa, verifica y aprueba de forma independiente todo el contenido para garantizar su precisión y cumplimiento con los estándares editoriales de Ainvest Fintech Inc. Esta supervisión humana está diseñada para mitigar las alucinaciones de la IA y garantizar el contexto financiero.
Advertencia sobre inversiones: Este contenido se proporciona únicamente con fines informativos y no constituye asesoramiento profesional de inversión, legal o financiero. Los mercados conllevan riesgos inherentes. Se recomienda a los usuarios que realicen una investigación independiente o consulten a un asesor financiero certificado antes de tomar cualquier decisión. Ainvest Fintech Inc. se exime de toda responsabilidad por las acciones tomadas con base en esta información. ¿Encontró un error? Reportar un problema
Comentarios
Aún no hay comentarios