HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

The impact of the CISA Shields Up program on healthcare organizations

Written by Kirsten Peremore | Nov 17, 2024 1:29:22 AM

The CISA Shields Up program is an initiative designed to bolster national cybersecurity defenses by encouraging individuals, organizations, and leaders to take security seriously. For healthcare organizations, the program provides proactive ransomware response guidance to address potential vulnerabilities.

 

The guidance to organizations, leaders, and CEOs 

CISA’s Shields Up program offers guidance for organizational leaders, including CEOs, on enhancing cybersecurity postures. The program discusses in detail the need for senior leaders to actively participate in the protection of the organization's assets; in healthcare, this would be protected health information (PHI).

CEOs and executives, roles seen more often in larger healthcare organizations, are encouraged to prioritize cybersecurity across all levels. A primary piece of advice from the Shields Up program is, “Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.” The guidance stresses the need to adopt a heightened security stance through targeted methods of continuous monitoring and preparation against cyber threats.

 

What the CISA says about ransomware responses 

  1. Do not pay the ransom: CISA advises against paying the ransom, as payment does not provide assurances that data will be decrypted.
  2. Ransomware detection: Healthcare organizations should focus on identifying and quickly assessing unusual network behavior. 
  3. Crisis response team: CISA recommends that organizations designate a crisis response team with defined roles and responsibilities. 
  4. Backup procedures: Healthcare organizations should test backup procedures regularly to make sure that data can be rapidly restored in the event of a ransomware attack.
  5. Incident response preparedness: Conduct exercises to make sure all participants understand their role in responding to a ransomware attack.
  6. Cyber hygiene services: Organizations are encouraged to sign up for CISA’s free cyber hygiene services. 
  7. Software updates: Make sure software is kept up to date and prioritize updates that address vulnerabilities frequently exploited in ransomware attacks. 
  8. Monitor external traffic: Extra care should be taken when working with international organizations by monitoring, inspecting, and isolating traffic from those sources. 

The resources provided

Free cyber hygiene services

CISA provides free services, such as vulnerability scanning, to help organizations identify and reduce exposure to potential cyber threats.

 

Ransomware resources 

Through the Shields Up Program, CISA directs organizations to the StopRansomware.gov website, a platform that provides specific resources and alerts. 


 

FAQs 

What is CISA?

CISA (the Cybersecurity and Infrastructure Security Agency) is a US government agency that protects critical infrastructure.

 

What is the common purpose of ransomware attacks? 

Ransomware attacks usually encrypt data and demand payment in exchange for restoring access. 

 

What are cyber threats?

Cyber threats are malicious activities, such as hacking, phishing, or malware, that target computer systems, networks, or data to cause harm or steal information.