Cybersecurity
The health care sector is a common target of cyberattacks due to the value of medical information. Cybercrime can create serious risks to patient health and safety if systems fail and operations are interrupted.
The proliferation of health information technology (health IT) presents new vulnerabilities, such as insider wrongdoing and external hacking attacks, that increase the risk of a breach for health care organizations. Awareness and implementation of cybersecurity best practices is paramount to reducing cybersecurity risks.
Reports
The MHCC reports on a variety of health information technology (health IT) data to inform decision making by policy makers, payers, providers, and consumers. View the latest reports, initiatives, flyers, and other resources.
Peer-to-Peer Learning
The MHCC collaborates with health care leaders across the State to raise awareness about cybersecurity and share best practices for network security, data privacy, and incident preparedness and response.
Industry leaders and scholars explore the ethical, legal, and operational complexities of integrating AI-enabled technology in health care. Presentations highlight best practices for advancing responsible AI innovation while ensuring patient safety, data security, and health equity.
Cybersecurity Resources
Cybersecurity awareness empowers organizations and providers to proactively identify security gaps and adopt consistent measures to protect sensitive patient data from evolving digital threats.
The resources on this page translate complex federal standards into practical steps, such as self-evaluation questionnaires and risk assessment guides, that address specific vulnerabilities and provide actionable guidance for health care organizations of all sizes.
Resources for Small Health Care Practices
- Cyber Liability Insurance: Tips for Small Practices
- Tips for practices seeking to purchase or increase cyber liability coverage.
- Data Privacy When Using Wearable Health and Fitness Devices: What Consumers Need to Know
- Guidance to help patients make informed decisions when using wearable technology.
- People: The Frontline of Cybersecurity - 3 Good Habits for Small Practices
- Basic cybersecurity best practices that anyone can adopt.
- Safeguarding Privacy and Security in Telehealth: Tips to Keep Your Practice Safe
- Important privacy and security considerations when providing telehealth services.
- Top 10 Tips for Cybersecurity in Health Care
- Information and resources for reducing cyber risks from the Office of the National Coordinator for Health Information Technology (ONC).
- American Medical Association: Protect Your Practice and Patients from Cybersecurity Threats
- Guidance for safeguarding confidential and patient information in a medical practice.
Security Assessments & Frameworks
- HHS Security Risk Assessment Tool
- A guide for small health care providers conducting a security risk assessment. Results can be used to determine potential risks in policies, processes and systems, and methods to mitigate risks.
- NIST Cybersecurity Framework
- Integrates industry standards and best practices to help organizations manage their cybersecurity risks. Meant to be accessible to small and large organizations across all sectors.
Cybersecurity Preparedness Self-Evaluation Questionnaire
Cybersecurity Preparedness Self-Evaluation Questionnaire
- A series of self-evaluation statements grouped by people, process, and technology is designed to assist provider organizations with identifying potential gaps in cybersecurity and prioritizing areas for improvement. The questionnaire aligns with the NIST cybersecurity Framework, a compendium of cybersecurity standards, best practices, and recommendations developed with experts in the federal government and private sector.
U.S. Department of Health & Human Services (HHS) Resources
- HHS 405(d) Aligning Health Care Industry Security Approaches Program
- The HHS 405(d) Program and Task Group is a collaborative effort between industry and the federal government to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating pertinent cybersecurity threats.
- 10 Practices to Protect Your Organization from Cyber Threats
- Infographic highlighting ten practices to mitigate cyber threats.
Contact Us
For more information, please email Justine Springer at justine.springer@maryland.gov.