The Cybersecurity and Infrastructure Security Agency leverages multiple open-source and internal tools to proactively research and detect vulnerabilities within U.S. critical infrastructure as part of its new Ransomware Vulnerability Warning Pilot, which started on January 30.
WHY IT MATTERS
On Monday, CISA announced the creation of its RVWP program required by the Cyber Incident Reporting for Critical Infrastructure Act of 2022.
CISA says it can accomplish ransomware-vulnerability warning by leveraging its existing services, data sources, technologies and authorities, including the agency’s Cyber Hygiene Vulnerability Scanning service and its Administrative Subpoena Authority granted under Section 2209 of the Homeland Security Act of 2002, according to theFAQon its website.
“Organizations across all sectors and of all sizes are too frequently impacted by damaging ransomware incidents,” CISA said in the new FAQ.
Most organizations may be unaware that a vulnerability used by ransomware threat actors is present on their network. But damaging intrusions could be avoided by warning critical infrastructure entities, like hospitals and healthcare systems, of detected security vulnerabilities.
Once CISA identifies affected systems, regional cybersecurity personnel notify system owners.
CISA also offers no-cost cybersecurity resources and tools. It recommends that organizations sign up for its no-cost Cyber Hygiene Vulnerability Scanning service and take a self-assessment to determine progress in implementing cybersecurity performance goals.
By building a relationship with a regional CISA cybersecurity advisor, healthcare organizations can participate in additional services, the agency added.
THE LARGER TREND
Toimprove the cybersecurity posture of healthcarethe Department of Health and Human Services has recommended enterprise-wide risk analyses and a series of best practices, including vulnerability scans of all systems and devices to reduce the risks of common cyberattacks.
Vulnerability management has been the most important part of cybersecurity for the past 20 years, according to Darren Lacey, vice president and CISO for Johns Hopkins University and Johns Hopkins Medicine.
“We chase down vulnerabilities and, in fact, if you had to say what was the biggest change in cybersecurity over the last 10 years along with the ransomware spike would be the number of publicized vulnerabilities,” he toldHealthcare IT Newsin September.
Ransomware attacks doubledbetween 2020 and 2022, and with cyberattacks getting more innovative in their approaches over time, it behooves all healthcare organizations to make use of all the cybersecurity services CISA, HHS and industry resources offer.
ON THE RECORD
“Many of these incidents are perpetrated by ransomware threat actors using known vulnerabilities,” CISA says in its new RVWP program FAQ. “By urgently fixing these vulnerabilities, organizations can significantly reduce their likelihood of experiencing a ransomware event.”
Andrea Fox is senior editor of Healthcare IT News.
Email:afox@himss.org
Healthcare IT News is a HIMSS Media publication.
Note: This article have been indexed to our site. We do not claim legitimacy, ownership or copyright of any of the content above. To see the article at original source Click Here
Fruit of the Loom Men's Eversoft Cotton Stay Tucked Crew T-Shirt
$18.48 (as of June 25, 2024 21:04 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
ESR for iPhone 15 Pro Max Case, Compatible with MagSafe, Military-Grade Protection, Yellowing…
$16.99 (as of June 25, 2024 21:04 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
2025 US RED BOOK of United States Coins and 1976 Ike Dollar US Mint Circ
$23.99 (as of June 25, 2024 21:05 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
USB C Car Charger, 3-Port 67W Dual USB-C & USB-A Car Power Adapter PD/QC Fast Charging Cigarette Lighter for iPhone 15/14/13/12/11/Pro Max, iPad, Samsung Galaxy S24/S23/S22/S21, Google Pixel, Android
$9.99 (as of June 25, 2024 21:05 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
