
New CISA portal aims to improve cyber incident reporting

The Cybersecurity and Infrastructure Security Agency (CISA) is making significant changes to better protect healthcare providers and their patients. On August 29, 2024, it announced that its cyber incident reporting form will be moving to the new CISA Services Portal as part of its ongoing efforts to improve cyber incident reporting.

The portal is a secure platform with enhanced features for reporting cyber incidents, including integration with login.gov credentials, according to a CISA press release. The portal's enhanced features include the ability to save and update reports, as well as share submitted reports with colleagues or clients for third-party reporting, the agency said. The platform can also be used to search and filter reports. The portal has a collaboration feature that allows users to have informal discussions with CISA.

Possible benefits

“I would say that if this new resource helps detect health information privacy and security breaches earlier, it could help limit the harm of such breaches to patients and perhaps also help organizations meet breach reporting requirements,” said Lara Cartwright-Smith, JD, MPH, associate professor in the Department of Health Policy and Management at George Washington University in Washington DC.

It is hoped that any organization that experiences a cyber attack or incident will report it not only for its own benefit, but also for the benefit of the wider public. Cartwright-Smith said sharing more information about cyber incidents could enable organizations to identify vulnerabilities and prevent or mitigate future breaches.

“Many organizations may have access to patient information as business associates of healthcare organizations and health insurers, including organizations that provide telehealth services, and any organization that processes protected health information on behalf of covered entities is responsible for the confidentiality and security of that information,” Cartwright-Smith said.

Changes in the reporting system are beneficial and could strengthen protection against cybersecurity attacks, said Matt DiBlasi, president and co-founder of Abyde, a Tampa, Florida-based company that specializes in HIPAA and OSHA compliance and frequently speaks on HIPAA compliance at industry events.

“I would say that while this portal update doesn't specifically address telemedicine or mobile phones, it shows us that cybersecurity is an essential part of physician practice in 2024 and beyond,” DiBlasi said. “The government is committed to funding CISA and HIPAA initiatives to educate, regulate and enforce these laws, and the updated portal is a great example of that.”

CISA has announced how and when incident reporting is required, and a voluntary cyber incident reporting resource has been published. It tells clinicians who should report an incident, why, and when. It also includes useful resources for reducing cyber risk.

“It is imperative for healthcare organizations of all sizes to embrace the responsibility that comes with compliance in these critical areas rather than ignoring or avoiding implementing privacy and security measures as many have done in the past,” DiBlasi said.

Proven methods

CISA, along with the National Security Agency (NSA), the Federal Bureau of Investigation, the Australian Signals Directorate's Australian Cyber Security Centre, and other international partners, has released new best practices for event logging and threat detection.

Doctors and other healthcare providers are told that to mitigate malicious cyber activity, they should prioritize routine system updates and fix known, exploited vulnerabilities. HIPAA-protected facilities today rely on hardware, software, and procedural systems to monitor data system activity. These facilities hold electronic protected health information, so there is an urgent need for the best approaches to review records for unauthorized activity.

The guidance recommends that healthcare providers segment networks to prevent the spread of malicious activity. In addition, it recommends enabling phishing-resistant multi-factor authentication for all external-facing account services, especially webmail, virtual private networks, and accounts that access critical systems.

Ensuring the security and resilience of critical systems by enabling network visibility is of paramount importance. The new guidance provides recommendations on how medical practices can improve their resilience in the current cyber threat environment. The guidance is of moderate technical complexity and assumes a basic understanding of event logging.

An effective event logging solution aims to send alerts to the network defenders in charge of monitoring when cybersecurity events such as critical software configuration changes are made or new software solutions are deployed. There are several factors to consider when implementing best practices. These include a company-approved event logging policy and centralized access to the event log. In addition, healthcare providers are advised to analyze or update their secured storage and event log integrity. It is recommended that clinicians have a detection strategy for relevant threats.

The guidance is technical in nature and is intended for people in medium to large organizations. Company-approved event logging policies should include details on the events to be logged and the event logging features to use. It also shows how to monitor event logs and when to re-evaluate which logs should be collected.

Log quality can vary between organizations due to different network environments. Useful event logs can improve a network defender's ability to assess security events and identify whether they are false positives or true positives. The new guidance from CISA and its partners includes recommendations for improving event logging and threat identification in enterprise systems, web services, business mobility, and operational technology systems.

The guidance describes the goals of a good event logging system and emphasizes designing logs that are both functional and effective. This can help network defenders make quick, informed decisions based on notifications and analysis. The system must alert network defenders to activities that may be associated with malicious activity, such as the installation of new software programs.