Cyber Risk Management: A Guide for Healthcare Providers and Administrators

This resource is only available in PDF. To download, select the icon from the top right-hand corner of this page.

HIROC is committed to providing accessible content. If you require this material in an alternative format, please contact us at [email protected]. For more information, please visit our AODA page.

In this guide, you'll find:

• Introduction
• Purpose of the Guide
• The Cyber Threat Landscape in Healthcare
• Accountability Rests With the Board and Senior Management
• Cyber Security Incident and Loss Prevention Strategies
  • Build resilience through cyber security awareness and training
  • Understanding the “current state”
  • Essential information technology processes and solutions
    • System updates and patch management
    • Proper passwords practices
    • Multi-factor authentication
    • Privileged accounts
    • Detecting cyber security incidents early on
    • Other key controls and mitigation strategies
  • Protecting the premises
  • Medical devices and cyber security
  • Vendor management and third party risks
    • Cloud service providers
    • Select and follow a standard cyber security framework
• Cyber Security Incident Response and Business Continuity Plan
  • Who is on your Incident Response Team
  • Backups and restoration
  • Clearly articulate your system downtime policy
  • Create a Communications Plan
  • Identify legal obligations
  • Review your insurance policy
• Immediate Management of Cyber Security Incidents
• Post-Cyber Security Incident Recovery and Management
  • Why reporting is critical
• Final Thoughts
  • References
  • Appendix: Ransomware checklist

Download a copy of the complete guide by selecting the PDF icon near the breadcrumb above.