Cybersecurity Practices for Health Care Organizations~ RJ BLANCHARD BENEFIT SERVICES

Page 100

Threats Mitigated 1. E-mail phishing attacks 2. Ransomware attacks 3. Loss or theft of equipment or data 4. Insider, accidental or intentional data loss 5. Attacks against connected medical devices that may affect patient safety

Suggested Metrics 

Number of policies reviewed over a specified timeframe. The goal is to establish a standard practice to review policies and to monitor compliance with this standard.

Number of workforce members who review and sign off after reading policies over a specified timeframe. The goal is to establish a standard practice for workforce members to review applicable policies and attest to the review, and for the organization to monitor compliance with this standard.

100

Turn static files into dynamic content formats.

Create a flipbook

Articles inside

Appendix B: References

3min
pages 105-108

Table 13. Incident Response Plays for Attacks Against Medical Devices

8min
pages 93-96

Table 15. Acronyms and Abbreviations

0
page 100

Table 14. Example Cybersecurity Policies for Consideration

0
page 97

Cybersecurity Practice #9: Medical Device Security

10min
pages 87-91

Table 12. Timeframes for Resolving Medical Device Vulnerabilities

1min
page 92

Table 11. Roles and Responsibilities for an Organizational CIRT

17min
pages 79-86

Table 9. Factors for Consideration in Penetration Test Planning

6min
pages 69-72

Cybersecurity Practice #6: Network Management

15min
pages 57-64

Cybersecurity Practice #8: Security Operations Center and Incident Response

4min
pages 73-74

Table 10. Example Incident Response Plays for IR Playbooks

5min
pages 75-78

Cybersecurity Practice #7: Vulnerability Management

5min
pages 65-67

Cybersecurity Practice #5: IT Asset Management

8min
pages 52-56

Table 7. Expanding DLP to Other Data Channels

3min
pages 49-51

Table 6. Data Channels for Enforcing Data Policies

2min
page 48

Table 3. Example of a Data Classification Schema

1min
page 43

Table 5. Security Methods to Protect Data

6min
pages 45-47

Table 4. Suggested Procedures for Data Disclosure

1min
page 44

Cybersecurity Practice #4: Data Protection and Loss Prevention

1min
page 42

Cybersecurity Practices at Medium-Sized Health Care Organizations

4min
pages 4-6

Table 1. E-mail Protection Controls

19min
pages 15-23

Cybersecurity Practice #3: Identity and Access Management

23min
pages 31-41

Cybersecurity Practice #2: Endpoint Protection Systems

1min
page 24

Table 2. Basic Endpoint Controls to Mitigate Risk at Endpoints

9min
pages 25-30

Cybersecurity Practices at Large Health Care Organizations

3min
pages 7-8

Cybersecurity Practice #1: E-mail Protection Systems

1min
page 14

Introduction

0
page 3
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.