Resource Search Results

Cybersecurity Learning Bundle (2024). Resource Type: Toolkit. Description: This page provides resources related to each of eight cybersecurity priority areas that together support the essential and enhanced goals of the Department of Health and Human Services’ Cybersecurity Performance Goals, designed to help healthcare organizations address common vulnerabilities by setting a floor of safeguards that will better protect them from cyber attacks, improve response when events occur, and minimize residual risk. More Details...

HITEQ On the Horizon: What is the future of AI in Health Centers? Collection: Roundtable series (2024). Resource Type: Archived Webinar. Description: The HITEQ Center is planning a series of discussions about what is on the horizon -- this includes the people, processes, and technologies related to UDS+, environmental impacts and environmental determinants of health (EDoH), and Artificial Intelligence (AI). Each session will be interactive and engaging and include time for health center sharing. This series is open to community health centers throughout the nation. More Details...

Health Center Safety and Man-Made Threats Resource Packet: Targeted Resources on Health Center Security, Population-Specific Safety Topics, and Cybersecurity (2024). Resource Type: Publication. Description: This BPHCurates packet provides resources describing mitigation, preparedness, response, and recovery strategies for navigating man-made threats directed towards health centers, their staff, and patients. The man-made threats included in this packet are specifically related to health center security, population-specific safety concerns, and cybersecurity. More Details...

Cyber Insurance & HIPAA Breaches Tip Sheet (2024). Resource Type: Publication. Description: This Tip Sheet specifically addresses how cyber insurance coverage can support health centers in meeting their obligations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to respond to security incidents and to report breaches. More Details...

Improving Health Center Cybersecurity: Risk Assessment, Breach Defense, Mitigation and Response - Session 4: Virtual Learning Collaborative (2023). Resource Type: Archived Webinar. Description: It's time to reconsider your strategy if you still treat cyber risk as an annual project or initiative. Having a thorough ongoing program in place means that even in the worst-case scenario, you'll be ready to demonstrate that you did what was reasonable and appropriate to protect your systems and patient data. Nothing can guarantee that a cyberattack won't become a breach. Health Centers are a domain with a high potential for data breaches, and the risk continues to grow as health centers use new tools and the introduction of artificial intelligence (AI). As a result, it is crucial for health center leadership to adopt breach prevention strategies across their entire organization, as opposed to relegating it to the IT department. To support health centers in their cybersecurity strategy and implementation, the HITEQ Center is offering a free learning collaborative -- Improving Health Center Cybersecurity: Risk Assessment, Breach Defense, Mitigation, and Response. This learning collaborative will involve four structured virtual learning sessions. During the series participants engaged with subject matter experts and their colleagues in peer-to-peer learning and discussion. Topics included: health center breach mitigation tactics, operationalizing cybersecurity to better mitigate risks, cybersecurity implications of generative artificial intelligence in health centers, and incident response planning from a cybersecurity perspective. More Details...

HITEQ Highlights: Enabling a Cyber-Resilient Health Center: HITEQ Highlights Webinar (2023). Resource Type: Archived Webinar. Description: This HITEQ Highlight aimed to strengthen Health Centers' capacity to build their cyber-resiliency. We covered risk management tools, methods for guarding against cybersecurity assaults, operationalizing cybersecurity to mitigate risks, and breach mitigation tactics. Participants focus on safeguarding data across the entire enterprise and examined approaches to implementing cybersecurity infrastructure through risk management frameworks and strategic risk assessment. More Details...

Cybersecurity: Ask Me Anything: HITEQ Highlights Webinar (2023). Resource Type: Archived Webinar. Description: This session sought to motivate and educate Health Center staff and leadership on current critical cybersecurity threats, concepts, and methods for the defense of health data. A panel of cybersecurity experts addressed questions on how to best protect the health center from both internal and external network leaks, through malware such as ransomware, and through physical means on-site. More Details...

Promoting Cybersecurity Awareness for Patients: Protecting yourself when using patient portals, health apps, and online medical devices, June 2023. (2023). Resource Type: Archived Webinar. Description: This training guide provides patients with knowledge and awareness about cybersecurity threats to protect their personal health data and to minimize risks from computer viruses and malware. More Details...

A Guide to Essential Cybersecurity Tasks for Health Centers: For health centers with limited resources, developed in June 2023 (2023). Resource Type: Toolkit. Description: In an increasingly connected healthcare landscape, health centers face a dual challenge: the rising tide of cyber threats and the need to comply with stringent data protection regulations, all while managing limited resources. The ever-evolving nature of cyberattacks and the complexity of compliance requirements make it essential for health centers to prioritize cybersecurity tasks effectively. More Details...

Health IT and Cybersecurity Positions and Salaries: Descriptions and Ranges (2023). Resource Type: Field-Generated Publication. * Description: Below is a list of job descriptions that can be used to help describe various health information technology, as well as cybersecurity, employment options. A variety of health information and technology positions are represented. This information is intended to assist health centers in understanding the many different domains of the profession as well as possible job descriptions that could be useful when drafting duties or during recruitment. This information was compiled in early 2022. More Details...

Considerations for Sustaining a Culture of Cybersecurity: Part II: Cybersecurity Risk and Preparation (2022). Resource Type: Archived Webinar. Description: With the rise in cyberattacks of government agencies and large-scale companies, organizations large and small are questioning if they are doing all they should to protect their data. More Details...

Considerations for Sustaining a Culture of Cybersecurity: Part I: Understanding the Essentials (2022). Resource Type: Archived Webinar. Description: With the rise in cyberattacks of government agencies and large-scale companies, organizations large and small are questioning if they are doing all they should to protect their data. More Details...

Strategic Cybersecurity Investments: Leveraging American Rescue Plan Funding to Enhance Infrastructure and Services: HITEQ Highlights webinar (2021). Resource Type: Archived Webinar. Description: Healthcare continues to be the sector most targeted globally by ransomware and related malware attacks and leads in the average total cost of data breach across industries. The FY 2021 American Rescue Plan Funding provides an excellent opportunity for Health Centers to make strategic investments in cybersecurity infrastructure and services. This HITEQ Highlight, presented by Adam Kehler of Online Business Systems provides an overview of assets that can increase Health Center cybersecurity. Topics covered include cybersecurity infrastructure and services that can increase defense-in-depth for health IT, including EHRs, telehealth tools and services, mobile medical devices, patient portals, and related health information software applications. More Details...

Cybersecurity Checklist for Health Center Staff Working Remotely (2020). Resource Type: Publication. Description: This PDF checklist, developed by HITEQ, provides a guide for health center staff to mitigate cybersecurity risks and threats during times of emergency and incident response that have them working remotely from the health center. More Details...

HITEQ Highlights: Health Center Defense Against the Dark Web: Strategies for Building Security Awareness, Education, and Compliance in 2020 (2020). Resource Type: Archived Webinar. Description: This HITEQ Center webinar explored key concepts and best practices that should be followed by Health Centers seeking to develop Defense in Depth and effectively implement hardened security programs at their sites. There are ever-increasing cybersecurity guidelines and protection measures that Health Centers must navigate and digest. This webinar sought to motivate and educate the health center workforce on critical privacy and security concepts and methods for defense. Aspects of Security Risk Assessment, security awareness training, and breach protection were covered with an emphasis on health center-wide information protection. More Details...

Cyber Security Risks — COVID-19: Best Practices for Health Center Staff Working Remotely (2020). Resource Type: Publication. Description: The number of COVID-19 cases continue to increase throughout the United States, requiring more and more of our health systems to rely on employees working from home at times. While some of us are required to "shelter-in-place," unfortunately that shelter can create increased risks such as cyber security breaches. With good planning, policies, and employee and family education, health centers can minimize risk and support their employees while working remotely. This presentation will inform your Health Center remote workers on best practices for increasing cybersecurity at home. More Details...

Strategic Cybersecurity Breach Protection and Incident Response: Guidance and Resources for Health Centers (2019). Resource Type: Other. Description: This is Part 2 of HITEQ's Health Center Defense Against the Dark Web presentation series. This presentation provides general knowledge about breach mitigation and planning strategies for incident response. More Details...

Health Center Defense Against the Dark Web Presentation: Strategies for Building Security Awareness, Education and Compliance (2019). Resource Type: Other. Description: This cybersecurity presentation explores key concepts and best practices that should be followed by Health Centers seeking to develop Defense in Depth and effectively implement hardened security programs at their sites. Part 1 of this series will seek to motivate and educate the health center workforce on critical privacy and security concepts and methods for defense. Aspects of Security Risk Assessment, security awareness training, and breach protection will be covered with an emphasis on health center-wide information protection. More Details...

Health Center Security & Compliance System Implementation Guide: 1/1/2019 (2019). Resource Type: Publication. Description: This toolkit provides a framework for Health Centers to evaluate compliance and security concerns as they purchase, adopt, and implement technology solutions. There are ever-increasing cybersecurity guidelines and protection measures that Health Centers must navigate and digest. Newer and rurally located Health Centers can especially benefit from guidance and decision support that assists them in determining how to implement systems in a manner that meets compliance requirements and doesn't expose information to undue security risk. Identifying and managing these types of risk can be especially important when procuring new Health IT e.g. EHRs, Medical Devices, Data Warehouses for the Health Center. This toolkit provides a framework for Health Centers to evaluate compliance and security concerns as they purchase, adopt, and implement technology solutions. Every time a Health Center adopts and implements newly procured technology, they could be exposing themselves to compliance gaps and security risks. Often these topics are addressed after the solution is implemented and are an after-thought. Unfortunately, the later in the adoption process that security is considered, the costlier it becomes to address as it may require redesign or reconfiguration of software, systems, and processes. Especially important for covered entities, like Health Centers, is for this process to meet the regulations outlined within HIPAA. Throughout this document, the related HIPAA requirements are highlighted within each section so as to better understand where this process sits within broader security risk assessment SRA practices. In the Appendix of this guide is an EHR/Health IT Systems checklist that can be used as an implementation interview guide when procuring new resources. This guide can help organizations identify security concerns and design the appropriate solution starting at the design and vendor-selection phase, thereby increasing the likelihood that security will be considered fully throughout the implementation process. Download the full toolkit below, which includes the following sections: System overview Information classification and inventory Business Associate Agreements and Contracts Risk Analysis Identity management Encryption Auditing and logging Contingency planning Workstation requirements Patching Security testing Vendor and developer access Physical security Network segmentation More Details...

Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (2019). Resource Type: Publication. Description: Cyber threats to healthcare entities put patient health, business continuity, and IT systems at risk. Under the auspices of the Cybersecurity Act of 2015 (CSA), Section 405(d), HHS convened the CSA 405(d) Task Group to enhance cybersecurity and align industry approaches by developing a common set of voluntary, consensus-based, and industry-led guidelines, practices, methodologies, procedures, and processes that healthcare organizations can use to enhance cybersecurity. More Details...