Mounting cybersecurity threats against the U.S. healthcare and public health sector have prompted the Cybersecurity and Infrastructure Security Agency to unveil new mitigation guidance nearly a month after the release of a federal healthcare cybersecurity toolkit, SecurityWeek reports.
Aside from providing context on vulnerability trends based on CISA's Known Exploited Vulnerabilities catalog and the MITRE ATT&CK framework, the guide also includes recommendations for asset management and security and identity management. The guidance also recommends that organizations implement asset inventories and that vendors serving the sector adopt secure-by-design principles.
The guide also provides recommendations for addressing vulnerabilities, particularly five exploited bugs.
"As highlighted within this guide, HPH Sector entities should be vigilant in their vulnerability mitigation practices to prevent and minimize the risk from cyber threats. Once an organization assesses and deems a vulnerability a risk, it must treat the vulnerability. CISA recommends HPH entities implement this guidance to significantly reduce their cybersecurity risk," said CISA.