The US Cybersecurity and Infrastructure Security Agency (CISA) has released a Mitigation Guide specifically tailored for the Healthcare and Public Health (HPH) sector.
The new guide outlines defensive mitigation strategies and best practices to counteract prevalent cyber-threats targeting critical infrastructure in the healthcare domain.
The paper, published on Friday, emphasizes the importance of vulnerability management, which it defines as the continuous identification, assessment and remediation of cyber vulnerabilities in software and systems.
It underscores the need for organizations to conduct regular vulnerability scans, prioritize assets based on criticality and leverage threat intelligence to address actively exploited vulnerabilities. The guide also details a step-by-step vulnerability management lifecycle, guiding entities from identification to improvement.
Additionally, the document addresses the significance of configuration and change management (CCM) in tandem with established vulnerability and patch management solutions. HPH entities are encouraged to implement security configuration management to identify and rectify misconfigurations in default system settings.
Incidentally, in a move towards a more secure future, CISA co-authored and published “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software” on April 13. This publication, recently updated, advocates for a paradigm shift in technology product development, urging manufacturers to prioritize security in the design and development phase rather than relying on post-deployment patches.
Read more on this strategy: Industry Experts Urge CISA to Update Secure by Design Guidance
The guide concludes with a focus on HPH sector vulnerability remediation guidance, providing tables outlining prioritized vulnerabilities along with remediation and compensating control recommendations. CISA recommended that HPH entities diligently track and prioritize vulnerabilities based on their internal network architecture and risk posture.
The new guidelines are designed to serve as a vital resource for the HPH sector, offering actionable insights to enhance cybersecurity defenses against potential threats. For a detailed understanding of prioritized vulnerabilities and remediation guidance, readers are encouraged to refer directly to the published Mitigation Guide.