The new module is designed to help healthcare organizations evaluate cyber risks using NIST and HHS cybersecurity frameworks within the existing RISC 2.0 platform.


The Administration for Strategic Preparedness and Response (ASPR), a division of the US Department of Health and Human Services, is introducing a new cybersecurity module within the Risk Identification and Site Criticality (RISC) 2.0 Toolkit.

RISC 2.0 is a free, web-based platform where organizations can conduct risk assessments by identifying threats, assessing vulnerabilities, determining consequences and criticality, and sharing findings with stakeholders. Currently more than 3,500 health systems are using the RISC Tool.

“Cyber threats are growing more sophisticated. This module is the latest addition to our toolkit of resources to assist our health care and public health partners in preventing the disruption of patient care and strengthening national health security,” says ASPR principal deputy assistant secretary John Knox, in a release. “We must acknowledge that cyber safety is patient safety and that cyber threats can cause cascading problems across the health care industry. The new cybersecurity module will help our partners understand what is needed to strengthen their resilience, and we strongly encourage them to take advantage of it.”

The new cybersecurity module guides users through a series of questions about their policies and practices, scoring responses against the NIST Cybersecurity Framework 2.0 and HHS Cybersecurity Performance Goals. This objective, standards-based approach aims to help organizations identify critical gaps, prioritize investments, and make informed decisions about risk mitigation. 

“When health care organizations have the means to identify risks and vulnerabilities, they can implement strategies that minimize disruptions to patient care and strengthen preparedness and resilience,” reads a release from ASPR.

Integrated into the existing RISC 2.0 platform, the module allows facilities, health systems, and coalitions to analyze cyber risk alongside other hazards in one unified tool. Users can complete the cyber module questionnaire independently or in combination with other risk assessments, depending on need.

HHS is the Sector Risk Management Agency (SRMA) for the Health Care and Public Health Sector, and ASPR coordinates HHS SRMA activities and provides guidance and support to public and private partners to help enhance cybersecurity.
