Home Health & Hospice Week

In today’s world of phishing and ransomware spikes in the healthcare industry, there’s a way to stay abreast of emerging threats and trends.

For the most up-to-the-minute advice on threats, you can look at the National Vulnerability Database (NVD), which is maintained by the National Institute of Standards and Technology (NIST). “The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP),” NIST explains. The NVD resources offer tips on managing and measuring vulnerabilities while alerting the public to known software flaws, misconfigurations, and cyber impacts.

Heads up: Covered entities (CEs) and their business associates (BAs) must address known and possible vulner­abilities in their risk analysis, reminds the HHS Office for Civil Rights (OCR) in the 2022 Cybersecurity Newsletter for the first quarter.

But you might be wondering what OCR considers a vulnerability? “Exploitable vulnerabilities can exist in many parts of a regulated entity’s information technology infrastructure (e.g., server, desktop, and mobile device operating systems; application, database, and web software; router, firewall, and other device firmware),” the Cybersecurity Newsletter says. “Often, known vulnerabilities can be mitigated by applying vendor patches or upgrading to a newer version. If a patch or upgrade is unavailable, vendors often suggest actions to take to mitigate a newly discovered vulnerability,” OCR advises.

CISA: The Cybersecurity and Infrastructure Security Agency (CISA) also offers daily updates on a variety of issues — and includes industry-specific guidance. Plus, you can subscribe to CISA’s numerous alerts and bulletins on a plethora of topics. Other tools on the site include a dedicated Stop Ransomware page, cyber hygiene services, and regionally-based cyber tools and resources.

Visit the NVD resources at https://nvd.nist.gov and peruse the CISA site and guidance at www.cisa.gov.