Cyber Risk Toolkit

UpGard provides a step-by-step guide to conducting a proactive cyber security risk assessment to identify opportunties for improvement and areas in need of risk reduction processes.

The NAIC provides resources for the insurance sector in cybersecurity risks and attacks.

IRM provides resources for risk professionals in the area of cyber risk and security.

Microsoft provides an article on cybercriminals conducting phishing attacks and risk reduction measures.

Resources are provided to assist healthcare entities with prevention and recovering from ransomware attacks.

This playbook provides a framework that can serve as a tool in addressing cybersecurity threats impacting medical devices and equipment with the potential to impact safe patient care and clinical operations. This comprehensive guide addresses medical device inventory, hazard vulnerability analysis, emergency operations plan, incident response, training and post-event reporting.

Medjacking, also known as medical device hijacking, is a security threat to healthcare organizations because connected medical devices can be hacked, exposing confidential patient information. This threat targets devices directly associated with patient care. It is imperative for organizations to review security of medical devices and ensure security strategies are in place to protect against a direct threat to patients. This white paper developed by Great Bay Software, Inc in Bloomington, MN recommends five best practices to mitigate the risks from medjacking.

The U. S. Department of Health and Human Services has issued voluntary best practices, including 10 great tips for healthcare organizations for managing cyber threats and protecting patients.

Provides proactive steps to assist with reducing the risk of cybersecurity threats.

HHS provides information on how to prevent different types of cyberattacks.

The LHA Trust Funds Tokio Marine CyberNET Support provides continually updated information, on-demand advice and a wide range of cyber risk management resources. This member-only toolkit portal provides access to legal advice, email alerts, webinars and comprehensive online training for risk managers and employees.

Available on our CHER Online Education Portal.

The ONC provides resources in Health IT efforts and the promotion of health information exchange networks as a way to improve patient care.

The National Cyber Awareness System provides realtime alerts, analysis reports and current activites in cyber security issues.

AHA provides resources in cybersecurity vulnerabilities for healthcare organizations.

TRACIE provides resources in emergency preparedness for healthcare facilities in the area of cybersecurity.

This form distinguishes changes in behavior, patterns that lead to this behavior, and how to identify them.

This paper assists in knowing how to assess triggers, including self-presentation and early identification of changes in a patient’s behavior to de-escalate a situation and handle a threat.

This factsheet from CISA (Cybersecurity & Infrastructure Security Agency) provides a pathway related to warning signs, prevention, and interventions to handle violence.

A series on de-escalation, including recognizing, assessing, de-escalating, and reporting suspicious or escalating behaviors, including factors that trigger this type of behavior.

This attachment teaches how to manage these behaviors with appropriate responses through communication, gestures and the demeanor utilized to control the event.

This document assists in identifying a viable threat and using the proper channels to report an emergency incident to appropriate authorities.

A guide on compromised credential material. It includes elements that help recognize risks and strategies to mitigate these risks.