The National Security Agency has issued cybersecurity guidance for teleworkers to help improve security when working remotely. The guidance has been released primarily for U.S. government employees and military service members, but it is also relevant to healthcare industry workers providing telehealth services from their home computers and smartphones.
There are many consumer and enterprise-grade communication solutions available and the cybersecurity protections offered by each can differ considerably. The guidance document outlines 9 important considerations when selecting a collaboration service. By assessing each service against the 9 criteria, remote workers will be able to choose the most appropriate solution to meet their needs.
The NSA strongly recommends conducting high-level security assessments to determine how the security capabilities of each platform performs against certain security criteria. These assessments are useful for identifying risks associated with the features of each tool. The guidance document also provides information on using the collaboration services securely.
The NSA recommends the guidance should be reviewed by all employees who are now working from home to allow them to make an informed decision about the best communication and collaboration tools to use to meet their specific needs, and for workers to take the steps outlined in the guidance document to mitigate risks of cyberattacks.
The guidance document, Selecting and Securely Using Collaboration Service for Telework can be downloaded here.
Healthcare-specific guidance for remote workers has also recently been published by the American Hospital Association (AHA) /American Medical Association (AMA), which should be used in conjunction with the NSA guidance.
OCR Suggests Resources to Help Healthcare Organizations Combat COVID-19 Threats
On April 30, 2020, the HHS’ Office for Civil Rights suggested several resources covering the current threat landscape and the steps that can be taken to reduce risks to a reasonable and acceptable level, as detailed below:
- OCR Cyber Attack Quick Response Checklist
- FBI guidance on COVID-19 phishing attacks on healthcare providers
- IC3 guidance on COVID-19 online extortion scams
- HHS Health Sector Cybersecurity Coordination Center (HC3) white paper on COVID-19 VTC exploitation
- HC3 guidance on COVID-19 cyber threats
The post NSA Cybersecurity Guidance for Teleworkers and Other Useful COVID-19 Threat Resources appeared first on HIPAA Journal.