By Jennifer Marshall, Director, Technical Product Management, Healthcare Technology Analytics Solutions


This is the second article in a series on topics inspired by a focus group discussion among members of CHIME (College of Healthcare Information Management Executives) about strategies used to adapt during the pandemic.


Healthcare organizations are the guardians of protected health information (PHI), and security has always been paramount to protect data and prevent identity theft. Breaches stemming from the pandemic and ransomware attacks have accelerated investments in security. Throughout the remainder of 2021 and beyond, digital transformation and cybersecurity will continue to be important to organizational strategies to help ensure hospitals and health systems stay ahead of threats.


CHIME recently shared a fact sheet of free government resources available to victims of compromise as well as best practices on how to better protect the healthcare technology system infrastructure.

\r\n","@type":"corporate/components/text"}}" id="text-4a3cc42811" class="cmp-text">

作者:Jennifer Marshall,醫療保健技術分析解決方案技術產品管理總監




Security resource roundup\r\n

At Quest Diagnostics, we are committed to the privacy and security of personal information. I recently asked our Security Risk and Compliance team to share some available resources to keep informed about cybersecurity and healthcare. Below are additional sources that can enable healthcare professionals to keep up with the latest cybersecurity news, trends, and leading practices for the healthcare industry.

\r\n","@type":"corporate/components/text"}}" id="text-9805369638" class="cmp-text">


在Quest Diagnostics,我們致力於個人信息的隱私和安全。我最近要求我們的安全風險和合規團隊分享一些可用的資源,以保持對網絡安全和醫療保健的了解。以下是其他來源,可以幫助醫療保健專業人員跟上醫療保健行業最新的網絡安全新聞、趨勢和領先實踐LD乐动体育米兰官方。

\r\nResource\r\nDetail\r\nBitpipe.com\r\nThe enterprise IT professional’s guide to information technology resources. Browse this free online library for the latest technical white papers, webcasts and product information to help you make intelligent IT product purchasing decisions.\r\nThe Cybersecurity & Infrastructure Security Agency (CISA)\r\nWorks with partners to defend against today’s threats and collaborate to build more secure and resilient infrastructure for the future.\r\nHealth Information Sharing and Analysis Center (H-IASC)\r\nA community of critical infrastructure owners and operators within the Healthcare and Public Health sector (HPH) with a mission to enable and preserve the public trust. The member organization seeks to advance the global health sector’s cybersecurity and physical security protection and resilience and enable the ability to prepare for and respond to threats and vulnerabilities.\r\nThe US Department of Health and Human Services (HHS) Cybersecurity Act of 2015 (CSA) 405(d) Aligning Health Care Industry Security Approaches program\r\nProvides a common set of voluntary, consensus-based, and industry-led guidelines, practices, methodologies, procedures, and processes that healthcare organizations can use to enhance cybersecurity.\r\nThe International Association of Privacy Professionals (IAPP) Daily Dashboard\r\nProvides privacy and data protection news from around the world.\r\nThe Office for Civil Rights (OCR)\r\nProvides 2 listservs to inform the public about health information privacy and security FAQs, guidance, and technical assistance materials.\r\nNational Cybersecurity Center of Excellence (NCCoE)\r\nPart of the National Institute of Standards and Technology (NIST), is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity issues. This public-private partnership enables the creation of practical cybersecurity solutions for specific industries, as well as for broad, cross-sector technology challenges.\r\nThe National Institute of Standards and Technology cybersecurity and privacy activities\r\nSeeks to strengthen the security of the digital environment. NIST’s sustained outreach efforts support the effective application of standards and best practices enabling the adoption of practical cybersecurity and privacy.\r\nThe National Law Review\r\nOnline edition seeks to capture legal trends and news as they first start to emerge.\r\nThe New Jersey Chapter of ISACA\r\nOne of more than 220 chapters around the world that connects information systems governance, control, risk, security, audit/assurance, business, and cybersecurity professionals and enterprises.\r\nThe New Jersey Cybersecurity and Communications Integration Cell (NJCCIC)\r\nThe state’s one-stop shop for cybersecurity information sharing, threat intelligence, and incident reporting. Acting in a cyber fusion center capacity, the NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness.\r\nSANS AtRisk\r\nProvides a weekly summary of newly discovered attack vectors, vulnerabilities with active new exploits, insightful explanations of how recent attacks worked, and other valuable data.\r\nSANS NewsBites\r\nA semiweekly executive summary of recent cybersecurity news articles. Each news item is annotated with important context provided by respected subject matter experts within the SANS community.\r\nSC Media\r\nShares industry expert guidance and insight, in-depth features and timely news, and independent product reviews in partnership with and for top-level information security executives and their technical teams.\r\n\r\n","@type":"corporate/components/text"}}" id="text-c2bd1133ff" class="cmp-text">
資源 細節
Bitpipe.com 企業IT專業人士的信息技術資源指南。瀏覽這個免費的在線圖書館,獲取最新的技術白皮書、網絡廣播和產品信息,幫助您做出明智的IT產品購買決策。
網絡安全和基礎設施安全局(CISA) 與合作夥伴合作,抵禦當今的威脅,為未來建設更安全和更有彈性的基礎設施。
健康信息共享與分析中心(H-IASC) 由醫療保健和公共衛生部門(HPH)內的關鍵基礎設施所有者和運營商組成的社區,以增強和維護公眾信任為使命。該成員組織尋求促進全球衛生部門的網絡安全和物理安全保護和恢複力,使其有能力準備和應對威脅和漏洞。
美國衛生與公眾服務部(HHS) 2015年網絡安全法案(CSA) 405(d)對齊醫療保健行業安全方法計劃 提供一組通用的自願的、基於共識的和以行業為主導的指導方針、實踐、方法、程序和流程,醫療保健組織可用於增強網絡安全。
國際隱私專業人員協會(IAPP)每日儀表盤 提供來自世界各地的隱私和數據保護新聞。
民權辦公室(OCR) 提供2個列表服務,向公眾提供健康信息隱私和安全常見問題、指導和技術援助材料。
國家網絡安全卓越中心(NCCoE) 作為美國國家標準與技術研究所(NIST)的一部分,它是一個協作中心,在這裏,行業組織、政府機構和學術機構一起工作,解決企業最緊迫的網絡安全問題。這種公私夥伴關係能夠為特定行業以及廣泛的跨部門技術挑戰創造實用的網絡安全解決方案。
國家標準與技術研究所的網絡安全和隱私活動 旨在加強數字環境的安全。NIST持續的外聯工作支持標準和最佳實踐的有效應用,使實際的網絡安全和隱私得以采用。
《國家法律評論》 在線版試圖捕捉法律趨勢和新聞,因為它們剛開始出現。
ISACA的新澤西分會 全球220多個章節之一,連接信息係統治理、控製、風險、安全、審計/保證、業務和網絡安全專業人員和企業。
新澤西網絡安全和通信集成小組(NJCCIC) 該州為網絡安全信息共享、威脅情報和事件報告提供一站式服務。NJCCIC作為一個網絡融合中心,是新澤西州國土安全和準備辦公室的一個組成機構。
SANS AtRisk 每周提供新發現的攻擊載體、帶有活躍的新漏洞的漏洞、對最近攻擊的工作方式的深刻解釋和其他有價值的數據的摘要。
SANS簡要新聞 最新網絡安全新聞文章的半周摘要。每條新聞都附有SANS社區內受人尊敬的主題專家提供的重要上下文注釋。
SC媒體 與頂級信息安全主管及其技術團隊合作,為他們分享行業專家的指導和見解、深度專題和及時新聞,以及獨立的產品評論。
Staying updated and implementing cybersecurity best practices can help reduce vulnerability to cyber attacks or help reduce the impact of an incident. Watch for the next topic in this series, which will discuss cloud-based data management.


Disclaimer: The information contained in this blog post is provided solely for informational purposes and is not intended to be specific guidance or advice.

\r\n","@type":"corporate/components/text"}}" id="text-44317d7970" class="cmp-text">



頁麵發布日期:01- 9月2021