Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Cybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and ResilienceCybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and Resilience
CISA Logo

Search

 

America's Cyber Defense Agency
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help LocallyFaith-Based CommunityExecutivesHigh-Risk Communities
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
    CISA Conferences
    CISA Live!
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
  • About
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Site Links
    CISA GitHub
    CISA Central
    Contact Us
    Subscribe
    Transparency and Accountability
    Policies & Plans

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Breadcrumb
  1. Home
  2. Topics
  3. Cybersecurity Best Practices
  4. Healthcare and Public Health Cybersecurity
  5. Healthcare and Public Health Sector: Address Resource Constraints
Share:
A photo of healthcare field

Healthcare and Public Health Sector: Address Resource Constraints

Recognizing that the nation’s healthcare systems and providers have been under severe resource constraints and members of the Healthcare and Public Health (HPH) sector should actively take steps to address their constraints.   

Use free or low-cost services to make near-term improvements when resources are scarce

The tools and resources offered by CISA in this toolkit are available at no cost. In addition, HHS hosts Knowledge on Demand (KOD), a free cybersecurity education platform that includes multiple delivery methodologies to reach health care facilities of all sizes across the country. 

Public health entities should work with the state planning committee to leverage the State and Local Cybersecurity Grant Program (SLCGP)

The SLCGP provides $1 billion over 4 years for a first-of-its-kind grant program specifically for state, local, and territorial (SLT) governments funding to support efforts addressing cyber risk to their information systems. The two major first year requirements for this program include the establishment of a Statewide Cybersecurity Planning Committee and the development, by this committee, of a Statewide Cybersecurity Plan. Public health is a required member of the Planning Committee, therefore ensuring the cybersecurity needs of public health organizations are accounted for. While the funding is granted directly to the State Administrative Agency, publicly funded healthcare entities are eligible to receive sub-award money.

Expect more from technology providers

HPH organizations should expect the technology used for essential services and life-saving support to have strong security controls enabled by default—at no additional charge.

During the technology procurement and renewal process:

Ensure that vendors do not charge more for security features like MFA and logs. Be aware of the “Single Sign On (SSO) tax”. As you deploy products be sure to review the product’s “hardening guide”, a set of steps to make the product less dangerous.

As you become aware of upcharges for security features, or unsafe defaults:

Start a dialog with other healthcare sector and Health-ISAC members to assess a strategy for working with the vendor to remediate. CISA is an advocate for the HPH community in advancing technology products equipped to support our nation’s HPH system.

Examples of authorized product lists:

Examples of authorized product lists include FedRAMP or StateRamp. For technologies that do not meet basic security expectations, contact your regional CISA cybersecurity advisor to see how we can help.

Consider cloud migration to lessen the burden of on-site cybersecurity

Many HPH entities operate their own IT systems, requiring them to take time to patch, monitor, and respond to potential security events. Consider which on-premise IT services could be migrated to the cloud. While it is not possible to categorically state that “the cloud is more secure,” migration to the cloud will be a more secure and resilient option for many healthcare organizations. Certain offerings in the cloud are more mature. For example, consider migrating your user identity and mail systems to the cloud first. Depending on business needs or requirements, certain items may need to remain on-premise. Talk to your CISA regional representative for guidance on secure cloud migration.

RETURN TO HEALTHCARE AND PUBLIC HEALTH CYBERSECURITY

Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • X
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 1-844-Say-CISA SayCISA@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • Subscribe
  • The White House
  • USA.gov
  • Website Feedback