Securing Operational Technology in Healthcare: A New Guide
Friday, Jan 17, 2025 3:46 pm ET
1min read The healthcare industry is facing an increasing threat from cyberattacks, with operational technology (OT) systems being a prime target. To address this growing concern, a joint publication by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), FBI, Environmental Protection Agency (EPA), Transportation Security Administration (TSA), and international agencies has been released. The guide, titled "Considerations for Securing Operational Technology in Healthcare and Public Health Sector," provides essential considerations for organizations to select and secure OT products.
The guide emphasizes the importance of prioritizing security elements when selecting OT products, such as configuration management, logging in the baseline product, open standards, ownership, and protection of data. Scott Gee, AHA deputy national advisor for cybersecurity and risk, highlighted the significance of these standards, stating, "Keeping these devices secure and operational is critical to the delivery of high-quality patient care. When making purchasing decisions for new technology, hospitals should demand these security standards be part of the product."
Legacy technology also poses a challenge, as updating these systems to meet modern security standards may not always be feasible. In such cases, it is crucial to understand the vulnerabilities in these systems and implement segmentation and monitoring strategies to mitigate risks. Gee also stressed the importance of maintaining business and clinical continuity plans to compensate for a loss of OT for extended periods, such as 30 days or longer.
The guide serves as a reminder for healthcare organizations to assess the clinical and business impact of OT disruptions and implement robust security measures to protect their critical infrastructure. By adhering to these recommendations, healthcare providers can enhance their cybersecurity posture and ensure the delivery of high-quality patient care.
For more information on this or other cyber and risk issues, contact Scott Gee at sgee@aha.org. To access the latest cyber and risk resources and threat intelligence, visit the AHA website.
The guide emphasizes the importance of prioritizing security elements when selecting OT products, such as configuration management, logging in the baseline product, open standards, ownership, and protection of data. Scott Gee, AHA deputy national advisor for cybersecurity and risk, highlighted the significance of these standards, stating, "Keeping these devices secure and operational is critical to the delivery of high-quality patient care. When making purchasing decisions for new technology, hospitals should demand these security standards be part of the product."
Legacy technology also poses a challenge, as updating these systems to meet modern security standards may not always be feasible. In such cases, it is crucial to understand the vulnerabilities in these systems and implement segmentation and monitoring strategies to mitigate risks. Gee also stressed the importance of maintaining business and clinical continuity plans to compensate for a loss of OT for extended periods, such as 30 days or longer.
The guide serves as a reminder for healthcare organizations to assess the clinical and business impact of OT disruptions and implement robust security measures to protect their critical infrastructure. By adhering to these recommendations, healthcare providers can enhance their cybersecurity posture and ensure the delivery of high-quality patient care.
For more information on this or other cyber and risk issues, contact Scott Gee at sgee@aha.org. To access the latest cyber and risk resources and threat intelligence, visit the AHA website.
_8a5375d81748523628683.jpeg)
Don't invest blindly in stocks or crypto when you do not have a proper guide. I lost 30k trying to trade on my own but ever since Mrs Elizabeth Towles stepped in, I have been making huge profits. I made over 450k since October. She is always available to tell you more about investing and give a guide on how to trade visit her on WhatsApp +1(563)279-8487