The Cybersecurity and Infrastructure Security Agency (CISA) published its new guidance “Mitigation Guide: Healthcare and Public Health (HPH) Sector,” which provides defensive mitigation strategy recommendations and best practices to combat cyber threats affecting the healthcare and public health sector.
CISA identified common vulnerabilities and insecure configurations across the HPH Sector, such as:
- Web application vulnerabilities
- Encryption weaknesses
- Unsupported software
- Unsupported Windows operating systems
- Known exploited vulnerabilities
- Vulnerable services
Suggested mitigation strategies include:
- Asset management and security
- Identity management and device security (including phishing prevention and password policies)
- Vulnerability, patch, and configuration management.
This looks like another good resource to help you benchmark your security best practices.
This guide provides defensive mitigation strategy recommendations and best practices to combat pervasive cyber threats affecting this critical infrastructure sector. It also identifies known vulnerabilities for organizations to assess their networks and minimize risks before intrusions occur.