Overview
Cybersecurity threats in the healthcare sector take on many forms.
- Malware, data breaches, and insider threats expose affected patients' protected health information (PHI).
- Successful ransomware attacks oftentimes lead to IT network disruptions, which can limit facilities' ability to provide patient care.
- Cyber threat actors (CTAs) use phishing attacks to compromise employees' inboxes and conduct business email compromise (BEC) scams, costing healthcare facilities and organizations in their supply chain both time and money.
Threats such as these undermine the confidentiality, availability, and integrity of information handled by healthcare organizations. Patients may not be able to receive life-saving treatment in a timely manner as a result.
Top Security Concerns and Solutions
Hospitals, clinics, nursing homes, and other healthcare providers store tremendous amounts of PHI and need 24x7x365 uninterrupted access to their systems to properly care for patients.
CIS offers many solutions that can help.
Stringent Regulations
Available to All Healthcare Organizations:
- Streamline Your Implementation of CIS Security Best Practices with CIS SecureSuite®
- Remove the Guesswork from Hardening Your Systems with the CIS Benchmarks™
- Strengthen Your Defenses against Common Cyber Threats with the CIS Controls®
- Simplify Secure Configuration Management in the Cloud with CIS Hardened Images®
- Implement and Assess Your Security Posture Against the Controls with the CIS Risk Assessment Method (RAM)
Available to Public Healthcare Organizations:
- Improve Your Cyber Defenses with Help From the MS-ISAC®
- Monitor Your Network for Malicious Activity with Albert Network Monitoring and Management
- Gain Real-Time Visibility into Your Endpoints with CIS Endpoint Security Services (ESS)
- Filter False Positives out of Your Threat Reviews with Managed Security Services (MSS)
- Subject Your Defenses to a Simulated Cyber Attack with Penetration Testing
- Audit Your Network and Manage Your Vulnerabilities
Highly Targeted by Cyber Threat Actors
Available to All Healthcare Organizations:
- Streamline Your Implementation of CIS Security Best Practices with CIS SecureSuite®
- Remove the Guesswork from Hardening Your Systems with the CIS Benchmarks™
- Strengthen Your Defenses against Common Cyber Threats with the CIS Controls®
- Simplify Secure Configuration Management in the Cloud with CIS Hardened Images®
- Implement and Assess Your Security Posture against the Controls with the CIS Risk Assessment Method (CIS RAM)
Available to Public Healthcare Organizations:
- Improve Your Cyber Defenses with Help From the MS-ISAC®
- Monitor Your Network for Malicious Activity with Albert Network Monitoring and Management
- Gain Real-Time Visibility into Your Endpoints with CIS Endpoint Security Services (ESS)
- Proactively Block Requests to Known Malicious Domains at Bay with MDBR+
- Audit Your Network and Manage Your Vulnerabilities
Security Talent Shortages
Available to All Healthcare Organizations:
- Remove the Guesswork from Hardening Your Systems with the CIS Benchmarks™
- Check the Availability of CIS Hardened Images on all Major CSPS
- Implement and Assess Your Security Posture against the Controls with the CIS Risk Assessment Method (RAM)
Available to Public Healthcare Organizations:
- Improve Your Cyber Defenses with Help From the MS-ISAC®
- Monitor Your Network for Malicious Activity with Albert Network Monitoring and Management
- Gain Real-Time Visibility into Your Endpoints with CIS Endpoint Security Services (ESS)
- Proactively Block Requests to Known Malicious Domains at Bay with MDBR+
- Subject Your Defenses to a Simulated Cyber Attack with Penetration Testing
- Audit Your Network and Manage Your Vulnerabilities
Undertrained Employees and the Cost of Human Error
Available to All Healthcare Organizations:
- Streamline Your Implementation of CIS Security Best Practices with CIS SecureSuite®
- Remove the Guesswork from Hardening Your Systems with the CIS Benchmarks™
- Strengthen Your Defenses against Common Cyber Threats with the CIS Controls®
- Simplify Secure Configuration Management in the Cloud with CIS Hardened Images®
- Implement and Assess Your Security Posture against the Controls with the CIS Risk Assessment Method (RAM)
Available to Public Healthcare Organizations:
- Improve Your Cyber Defenses with Help From the MS-ISAC®
- Monitor Your Network for Malicious Activity with Albert Network Monitoring and Management
- Gain Real-Time Visibility into Your Endpoints with CIS Endpoint Security Services (ESS)
- Proactively Block Requests to Known Malicious Domains at Bay with MDBR+
- Subject Your Defenses to a Simulated Cyber Attack with Penetration Testing
- Audit Your Network and Manage Your Vulnerabilities
Supply Chain and Third-Party Vulnerabilities
Available to All Healthcare Organizations:
- Streamline Your Implementation of CIS Security Best Practices with CIS SecureSuite®
- Remove the Guesswork from Hardening Your Systems with the CIS Benchmarks™
- Strengthen Your Defenses against Common Cyber Threats with the CIS Controls®
- Simplify Secure Configuration Management in the Cloud with CIS Hardened Images®
- Implement and Assess Your Security Posture against the Controls with the CIS Risk Assessment Method (RAM)
Available to Public Healthcare Organizations:
- Improve Your Cyber Defenses with Help From the MS-ISAC®
- Monitor Your Network for Malicious Activity with Albert Network Monitoring and Management
- Gain Real-Time Visibility into Your Endpoints with CIS Endpoint Security Services (ESS)
- Subject Your Defenses to a Simulated Cyber Attack with Penetration Testing
- Audit Your Network and Manage Your Vulnerabilities
Common Threats
400
hospitals400 hospitals impacted by a ransomware attack on one major hospital system.1
RANSOMWARE700%
increase700% increase in COVID-themed phishing emails directed towards the healthcare sector and general public.2
PHISHING12.6
million12.6 million individuals affected by 162 hacking incidents on healthcare entities within a three month period.3
DATA BREACHTargeted Data
Personally Identifiable
Information (PII)
Information (PII)
Protected Health
Information (PHI)
Information (PHI)
Payment
Information
Information
Business
Intelligence
Intelligence
Intellectual
Property
Property
Explore CIS Resources
1 / 7
What Our Members Are Saying
this really is my dream job – being able to take my skills and have the opportunity to apply the CIS Controls to an organization that is more than willing to raise the bar for cybersecurity maturity.” “I was blown away with a great instructor who introduced me to the CIS Controls and how great it would be to get into somewhere to use the CIS Controls.
John Culotta, Systems administrator and Security officer at Wilmington Gastroenterology