Cyber Risk Toolkit
Because cyber security risks are constantly evolving, we want the members of our LHA Trust Funds to be as knowledgeable and prepared as possible. This toolkit provides proprietary information as well as public domain information about cyber risks.Cybersecurity Risk Assessment
Conducting a risk assessment is a proactive way to identify opportunites in your cyber security program. This resource provides a step-by-step guide.
-
UpGuard: How to Perform an IT Cyber Security Risk Assessment: Step-by-Step Guide
UpGard provides a step-by-step guide to conducting a proactive cyber security risk assessment to identify opportunties for improvement and areas in need of risk reduction processes.
Understanding Cybersecurity Risks
Learning how to protect your organization from cybersecurity attacks starts with understanding the risks within your organization. These resources provide information on risk reduction strategies to identify and address potential risks.
-
National Association of Insurance Commissioners: Cybersecurity
The NAIC provides resources for the insurance sector in cybersecurity risks and attacks.
-
Institute of Risk Management: Cyber Risk and Risk Management
IRM provides resources for risk professionals in the area of cyber risk and security.
-
HIPAA Journal: Defending Against Spear Phishing Attacks
Microsoft provides an article on cybercriminals conducting phishing attacks and risk reduction measures.
Cybersecurity Best Practices
Implementing best practices in cybersecurity is important for healthcare organizations to have in place to reduce cybersecurity risks and potential attacks.
-
Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook
This playbook provides a framework that can serve as a tool in addressing cybersecurity threats impacting medical devices and equipment with the potential to impact safe patient care and clinical operations. This comprehensive guide addresses medical device inventory, hazard vulnerability analysis, emergency operations plan, incident response, training and post-event reporting.
-
White Paper: Five Best Practices For Mitigating Medical Device Security Risks
Medjacking, also known as medical device hijacking, is a security threat to healthcare organizations because connected medical devices can be hacked, exposing confidential patient information. This threat targets devices directly associated with patient care. It is imperative for organizations to review security of medical devices and ensure security strategies are in place to protect against a direct threat to patients. This white paper developed by Great Bay Software, Inc in Bloomington, MN recommends five best practices to mitigate the risks from medjacking.
-
Department of Health and Human Services: Top 10 Tips for Cybersecurity in Healthcare
The U. S. Department of Health and Human Services has issued voluntary best practices, including 10 great tips for healthcare organizations for managing cyber threats and protecting patients.
Cybersecurity Online Resources
Online Cybersecurity resources are provded for healthcare providers to minimize the risk of a cyber security attack.
-
TokioMarine CyberNET
The LHA Trust Funds Tokio Marine CyberNET Support provides continually updated information, on-demand advice and a wide range of cyber risk management resources. This member-only toolkit portal provides access to legal advice, email alerts, webinars and comprehensive online training for risk managers and employees.
Available on our CHER Online Education Portal.
-
The Office of the National Coordinator for Health Information Technology
The ONC provides resources in Health IT efforts and the promotion of health information exchange networks as a way to improve patient care.
-
National Cyber Awareness System
The National Cyber Awareness System provides realtime alerts, analysis reports and current activites in cyber security issues.