Cyber Risk Management: A Guide for Healthcare Providers and Administrators

Service: Risk Management
Subject: Cyber
Setting: Privacy

This resource is only available in PDF. To download, select the icon from the top right-hand corner of this page.

In this guide, you'll find:

  • Introduction
  • Purpose of the Guide
  • The Cyber Threat Landscape in Healthcare
  • Accountability Rests With the Board and Senior Management
  • Cyber Security Incident and Loss Prevention Strategies
    • Build resilience through cyber security awareness and training
    • Understanding the “current state”
    • Essential information technology processes and solutions
      • System updates and patch management
      • Proper password practices
      • Multi-factor authentication
      • Privileged accounts
      • Detecting cyber security incidents early on
      • Other key controls and mitigation strategies
    • Protecting the premises
    • Medical devices and cyber security
    • Vendor management and third party risks
      • Cloud service providers
      • Select and follow a standard cyber security framework
  • Cyber Security Incident Response and Business Continuity Plan
    • Who is on your Incident Response Team
    • Backups and restoration
    • Clearly articulate your system downtime policy
    • Create a Communications Plan
    • Identify legal obligations
    • Review your insurance policy
  • Immediate Management of Cyber Security Incidents
  • Post-Cyber Security Incident Recovery and Management
    • Why reporting is critical
  • Final Thoughts
    • References
    • Appendix: Ransomware checklist