Cyber Risk Management: A Guide for Healthcare Providers and Administrators
This resource is only available in PDF. To download, select the icon from the top right-hand corner of this page.
In this guide, you'll find:
- Introduction
- Purpose of the Guide
- The Cyber Threat Landscape in Healthcare
- Accountability Rests With the Board and Senior Management
- Cyber Security Incident and Loss Prevention Strategies
- Build resilience through cyber security awareness and training
- Understanding the “current state”
- Essential information technology processes and solutions
- System updates and patch management
- Proper password practices
- Multi-factor authentication
- Privileged accounts
- Detecting cyber security incidents early on
- Other key controls and mitigation strategies
- Protecting the premises
- Medical devices and cyber security
- Vendor management and third party risks
- Cloud service providers
- Select and follow a standard cyber security framework
- Cyber Security Incident Response and Business Continuity Plan
- Who is on your Incident Response Team
- Backups and restoration
- Clearly articulate your system downtime policy
- Create a Communications Plan
- Identify legal obligations
- Review your insurance policy
- Immediate Management of Cyber Security Incidents
- Post-Cyber Security Incident Recovery and Management
- Why reporting is critical
- Final Thoughts
- References
- Appendix: Ransomware checklist