USA: HSCC and H-ISAC jointly release cybersecurity tactical guidance
The Healthcare and Public Health Sector Coordinating Council ('HSCC') and the Health Information Sharing and Analysis Center ('H-ISAC') released, on 18 May 2020, guidance ('the Guidance') for healthcare entities on ways to manage their cybersecurity tactical crisis response during an emergency, such as the COVID-19 ('Coronavirus') pandemic. In particular, the Guide notes that smaller organisations can leverage the resources as a list of activities to consider, while larger organisations can leverage the document as a sanity check for existing plans. Furthermore, the Guidance outlines important considerations for incident response plans including education and outreach, enhancing prevention techniques, detection and response, and taking care of the team. In addition, the Guidance highlights how cybersecurity teams can limit their potential attack surface by implementing policies such as vulnerability management, accelerating patching, reviewing privacy policies in medical devices and internet of things, and minimise vendor access. Finally, the Guidance provides several resources to aid in organisations cybersecurity practices.
You can read the Guidance here.