miércoles, 17 de mayo de 2017

HHS Update #4: International Cyber Threat to Healthcare Organizations (Revised)

HealthIT.gov Banner

HHS Update #4: International Cyber Threat to Healthcare Organizations (Revised)


If you are the victim of ransomware or have cyber threat indicators to share (**Revised with web addresses**)
If your organization is the victim of a ransomware attack, HHS recommends the following steps:
  1. Please contact your FBI Field Office Cyber Task Force (www.fbi.gov/contact-us/field/field-offices) immediately to report a ransomware event and request assistance. These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cyber-crime.
  2. Please report cyber incidents to the US-CERT (www.us-cert.gov/ncas) and  FBI's Internet Crime Complaint Center (www.ic3.gov).
  3. For further analysis and healthcare-specific indicator sharing, please also share these indicators with HHS’ Healthcare Cybersecurity and Communications Integration Center (HCCIC) at HCCIC_RM@hhs.gov 
HHS Office of Civil Rights Guidance on HIPAA specific to WannaCry
CISA Protections for private sector information sharing
DHS has provided guidance to non-federal entities sharing threat indicators and defensive measures with federal entities.  This document may be useful to private sector legal council for interpreting CISA protections. Please visit the below link for details: https://www.us-cert.gov/sites/default/files/ais_files/Non-Federal_Entity_Sharing_Guidance_%28Sec%20105%28a%29%29.pdf
Where can I find the most up-to-date information from the U.S. government?
Healthcare and Public Health-directed Resources:
Why connect with your local fusion center?
The federal government leverages the unique skills and capabilities of the National Network of Fusion Centers. With timely, accurate information on potential threats, fusion centers directly contribute to and inform investigations initiated and conducted by federal entities. This National Network is a "force multiplier" in preventing, protecting against, and responding to criminal and terrorist threats. 
FDA's Public Workshop - Cybersecurity of Medical Devices
The Food and Drug Administration (FDA), in association with National Science Foundation (NSF) and Department of Homeland Security, Science and Technology (DHS, S&T) is announcing the following public workshop entitled “Cybersecurity of Medical Devices: A Regulatory Science Gap Analysis.” The purpose of this workshop is to examine opportunities for FDA engagement with new and ongoing research, catalyze collaboration among Health Care and Public Health (HPH), stakeholders to identify regulatory science challenges, discuss innovative strategies to address those challenges, and encourage proactive development of analytical tools, processes, and best practices by the stakeholder community to strengthen medical device cybersecurity. 
This meeting will be held May 18-19, 2017, beginning at 8:00 am - 5:00 pm at the following location:
FDA White Oak Campus
10903 New Hampshire Avenue
Bldg. 31, Room 1503
Silver Spring, MD, 20993
How to request an unauthenticated scan of your public IP addresses from DHS
The US-CERT’s National Cybersecurity Assessment & Technical Services (NCATS) provides integrated threat intelligence and provides an objective third-party perspective on the current cybersecurity posture of the stakeholder’s unclassified operational/business networks.
  • NCATS focuses on increasing the general health and wellness of the cyber perimeter by broadly assessing for all known external vulnerabilities and configuration errors on a persistent basis, enabling proactive mitigation prior to exploitation by malicious third parties to reduce risk.
  • Attributable data is not shared or disseminated outside of DHS or beyond the stakeholder; non-attributable data is used to enhance situational awareness.
NCATS security services are available at no-cost to stakeholders. For more information please contact NCATS_INFO@hq.dhs.gov

No hay comentarios: