USA: CISA releases cybersecurity guidance for the health sector
On November 17, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) published its new guidance titled 'Mitigation Guide: Healthcare and Public Health (HPH) Sector.' In particular, the guidance provides defensive mitigation strategy recommendations and best practices to combat pervasive cyber threats affecting the healthcare and public health sector. Importantly, the guidance identifies known vulnerabilities for organizations to assess their networks and minimize risks before intrusions occur. Proposed mitigation strategies relate to:
- asset management and security;
- identity management and device security; and
- vulnerability, patch, and configuration management.