According to the FBI’s Internet Crime Complaint Center, the health care sector faced the most ransomware attacks in 2021 and the number of complaints has been steadily climbing over the last five years. The U.S. Department of Health and Human Services (HHS) has announced the release of resources to help address cybersecurity concerns in the healthcare sector. Their new Knowledge On Demand platform offers free cybersecurity training on the following topics:
- Social Engineering
- Ransomware
- Loss or Theft of Equipment or Data
- Insider Accidental or Malicious Data Loss
- Attacks Against Network Connected Medical Devices
These topics represent the top five cybersecurity threats identified through the collaborative effort between the Health Sector Coordinating Council Cybersecurity Working Group and the HHS task group that developed the Health Industry Cybersecurity Practices (HICP) technical volumes. Deputy Secretary Andrea Palm states “Cyberattacks are one of the biggest threats facing our health care system today, and the best defense is prevention. These trainings will serve as an asset to any sized organization looking to train staff in basic cybersecurity awareness and are offered free of charge, ensuring those hospitals and health care organizations most vulnerable to attack can take steps toward resilience.”
The HHS training platform offers Interactive Training Videos, PowerPoint presentations with presenter notes, and job aids (quick tips and checklists). Certificates of completion are available for printing at the end of each Interactive Training Video. The content of each Interactive Training Video is also available for inclusion in an existing Learning Management System (LMS).
You may find links to the free training tools at the following web page:
https://405d.hhs.gov/knowledgeondemand
Note: HIPAA’s Security Rule requires training of all workforce members on the topics of Password Management, Login Monitoring and Protection from Malicious Software. While the Knowledge on Demand platform provides valuable cybersecurity training that touches on some of these topics, Eagle Associates does not recommend that it be used as a substitute for Security Rule-specific training.
