����������

The Cybersecurity and Infrastructure Security Agency Dec. 15 released an advisory on ways health care organizations can enhance their cybersecurity protection. CISA recommends that organizations use longer and more complex passwords; ensure that only ports, protocols and services with validated business needs are running on each system; train users against password reuse; discontinue reuse or sharing of administrative credentials among systems; and implement a security awareness program that focuses on methods commonly used in intrusions that can be blocked through individual action, among other solutions. 

“This report of findings from a network penetration test of a health care organization conducted by CISA provides useful guidance which may be applicable to other health care organizations,” said John Riggi, AHA national advisor for cybersecurity and risk. “In particular, the recommendations outlined in Table 6 of the document may help organizations identify and mitigate key sources of cyber risk. CISA has become very pro-active in helping organizations share best practices in mitigating cyber risk and conducts free risk and vulnerability .”&�Բ�����;
 
For more information on cyber and risk issues contact Riggi at jriggi@aha.org. For the latest cyber and risk information and resources visit www.aha.org/cybersecurity.