Securing Operational Technology in Healthcare: A New Guide
Generated by AI AgentIndustry Express
Friday, Jan 17, 2025 3:46 pm ET1min read
The healthcare industry is facing an increasing threat from cyberattacks, with operational technology (OT) systems being a prime target. To address this growing concern, a joint publication by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), FBI, Environmental Protection Agency (EPA), Transportation Security Administration (TSA), and international agencies has been released. The guide, titled "Considerations for Securing Operational Technology in Healthcare and Public Health Sector," provides essential considerations for organizations to select and secure OT products.
The guide emphasizes the importance of prioritizing security elements when selecting OT products, such as configuration management, logging in the baseline product, open standards, ownership, and protection of data. Scott Gee, AHA deputy national advisor for cybersecurity and risk, highlighted the significance of these standards, stating, "Keeping these devices secure and operational is critical to the delivery of high-quality patient care. When making purchasing decisions for new technology, hospitals should demand these security standards be part of the product."
Legacy technology also poses a challenge, as updating these systems to meet modern security standards may not always be feasible. In such cases, it is crucial to understand the vulnerabilities in these systems and implement segmentation and monitoring strategies to mitigate risks. Gee also stressed the importance of maintaining business and clinical continuity plans to compensate for a loss of OT for extended periods, such as 30 days or longer.
The guide serves as a reminder for healthcare organizations to assess the clinical and business impact of OT disruptions and implement robust security measures to protect their critical infrastructure. By adhering to these recommendations, healthcare providers can enhance their cybersecurity posture and ensure the delivery of high-quality patient care.
For more information on this or other cyber and risk issues, contact Scott Gee at sgee@aha.org. To access the latest cyber and risk resources and threat intelligence, visit the AHA website.
The guide emphasizes the importance of prioritizing security elements when selecting OT products, such as configuration management, logging in the baseline product, open standards, ownership, and protection of data. Scott Gee, AHA deputy national advisor for cybersecurity and risk, highlighted the significance of these standards, stating, "Keeping these devices secure and operational is critical to the delivery of high-quality patient care. When making purchasing decisions for new technology, hospitals should demand these security standards be part of the product."
Legacy technology also poses a challenge, as updating these systems to meet modern security standards may not always be feasible. In such cases, it is crucial to understand the vulnerabilities in these systems and implement segmentation and monitoring strategies to mitigate risks. Gee also stressed the importance of maintaining business and clinical continuity plans to compensate for a loss of OT for extended periods, such as 30 days or longer.
The guide serves as a reminder for healthcare organizations to assess the clinical and business impact of OT disruptions and implement robust security measures to protect their critical infrastructure. By adhering to these recommendations, healthcare providers can enhance their cybersecurity posture and ensure the delivery of high-quality patient care.
For more information on this or other cyber and risk issues, contact Scott Gee at sgee@aha.org. To access the latest cyber and risk resources and threat intelligence, visit the AHA website.
Stay ahead of the market.
Get curated U.S. market news, insights and key dates delivered to your inbox.
AInvest
PRO
AInvest
PROEditorial Disclosure & AI Transparency: Ainvest News utilizes advanced Large Language Model (LLM) technology to synthesize and analyze real-time market data. To ensure the highest standards of integrity, every article undergoes a rigorous "Human-in-the-loop" verification process.
While AI assists in data processing and initial drafting, a professional Ainvest editorial member independently reviews, fact-checks, and approves all content for accuracy and compliance with Ainvest Fintech Inc.’s editorial standards. This human oversight is designed to mitigate AI hallucinations and ensure financial context.
Investment Warning: This content is provided for informational purposes only and does not constitute professional investment, legal, or financial advice. Markets involve inherent risks. Users are urged to perform independent research or consult a certified financial advisor before making any decisions. Ainvest Fintech Inc. disclaims all liability for actions taken based on this information. Found an error?Report an Issue
Comments
No comments yet