Ayala, L. (2016). Cybersecurity for hospitals and healthcare facilities: A guide to detection and prevention [eBook edition]. Apress. NOTE* If it is your first time accessing O’Reilly, it may prompt you to choose an institution. If so, select "Not Listed? Click Here" from the Institution List and sign in for access using your NU school email address.
Reading: Chapter 3
This chapter provides information on how cyber-attacks occur on active medical devices and computers in a healthcare network environment.
Office of the Director of National Intelligence (2018, July). Application of the Common Cyber Threat Framework. ODNI. This unclassified document demonstrates the application of the cyber threat framework through the stages of preparation, engagement, presence, and effect/consequence. Specific examples of documentation and reporting are provided. Pages 27-34 highlight a case exercise for review.
Department of Health and Human Services (HHS). (2019). Health industry cybersecurity practices: Managing threats and protecting patients (HICP). HHS. This guide was developed in response to the Cybersecurity Act of 2015 (CSA) by the Health and Human Services Task Group to enhance cybersecurity in healthcare.
Department of Health and Human Services (HHS). (n.d.). Health industry cybersecurity practices. HHS. This website provides valuable information and short videos by the Health and Human Services Task Group to portray systems-related cybersecurity issues in healthcare.
National Institute of Standards and Technology (NIST). (2018 April). Framework documents | NIST The latest version of the NIST Cybersecurity Framework is provided in PDF format. Implementation examples are provided and the specific required reading is sections 1-4 in the PDF. This document is a valuable tool to have as a reference.
This e-book is an invaluable resource for learning techniques used in threat intelligence and incident response best practices. Specifically, Chapter 13 provides a sample MITRE ATT&CK threat hunt plan implementation in an easy to understand framework.
Siegel, C.A., & Sweeney, M. (2020). Cyber strategy: Risk-driven security and resiliency. Auerbach Publications. This e-book describes cybersecurity strategies using several of the industry-standard frameworks discussed in this class. Some of the topics detailed are cyber risks and controls, current and target statement assessments, and measuring cybersecurity plan performance. This e-book is a valuable tool to have as a reference, and specific chapters are valuable resources for the weekly assignments.