CISA Offers Toolkit to Improve Healthcare Cybersecurity

CISA is offering a cybersecurity toolkit with tools, resources, and training to help healthcare providers improve cybersecurity.

The American Dental Association (ADA) is making members aware that several government agencies have partnered to create a cybersecurity toolkit for the healthcare and public health sector, many elements of which will benefit dentists.

The Cybersecurity and Infrastructure Security Agency, the Department of Health and Human Services and the Health Sector Coordinating Council Cybersecurity Working Group are offering tools, resources, and training to help the healthcare sector increase cybersecurity.

According to CISA, the toolkit will help organizations “build their cybersecurity foundation and progress to implement more advanced, complex tools to strengthen their defenses and stay ahead of current threats” as well as “proactively assess vulnerabilities and implement solutions.”

For dental professionals, several resources may be especially useful, including the cybersecurity education platform Knowledge on Demand. Knowledge on Demand offers five free cybersecurity trainings that align with the top five threats named in HHS’ Health Industry Cybersecurity Practices. Each training contains job aid, interactive videos, a PowerPoint presentation with notes and content intended for a learning management system.

Dental professionals are also encouraged to check out CISA’s Secure Your Business information sheet, which examines four ways to protect an organization from online threats: teaching employees to avoid phishing, requiring strong passwords, requiring multifactor authentication and updating business software.

Finally, dental providers should visit the Office of the National Coordinator for Health Information Technology’s Security Risk Assessment Tool, a resource designed to help medium and small providers conduct a security risk assessment as required by the Health Insurance Portability and Accountability Act. The desktop application will determine whether an organization is compliant with HIPAA’s administrative, physical and technical safeguards, as well as whether protected health information is at risk.