The Department of Health and Human Services stepped in Monday to help healthcare providers fend off cybersecurity attacks. HHS announced new resources, including an educational and training platform, to help providers mitigate the risk of being attacked by hackers.
The Knowledge on Demand platform provides free cybersecurity training to the health sector workforce and is the first time HHS has offered such training. The platform provides awareness training in five cybersecurity topics: social engineering, ransomware, loss or theft of equipment or data, insider accidental or malicious data loss, and attacks against network connected medical devices.
“Cyberattacks are one of the biggest threats facing our healthcare system today, and the best defense is prevention,” Deputy HHS Secretary Andrea Palm said in a statement. “These trainings will serve as an asset to any sized organization looking to train staff in basic cybersecurity awareness and are offered free of charge, ensuring that those hospitals and health care organizations most vulnerable to attack can take steps toward resilience.”
All available training including videos, job aids and PowerPoints, can be accessed and launched directly from the 405(d) website.
The platform is also home to the newly updated Health Industry Cybersecurity Practices (HICP) 2023 Edition publication. The publication is an effort to raise awareness of cybersecurity risks, provide best practices, and help the healthcare and public health sector set standards in preventing the most pertinent cybersecurity threats to the industry.
The Federal Bureau of Investigation’s Internet Crime Complaint Center named healthcare and public health the top target of ransomware attacks last year. The Theft Research Center also named healthcare the top target of cyber criminals for the third year in a row in 2022.
Home healthcare firms have been among the targets. Last year, Aveanna Healthcare paid a $425,000 fine to the Massachusetts attorney general’s office for failing to protect the personal information of employees and patients from phishing attacks. The state said hackers may have accessed the personal information of up to 4,000 Massachusetts residents.
