Resource Library

List of ransomware techniques, software, and groups that are presently documented in MITRE ATT&CK.

Resources that provide insight for organizations to the latest threats and understanding the adversary.

Incident preparedness and response considerations that can help health delivery organizations (HDOs) and other stakeholders understand the roles and responsibilities before, during, and after a cyber incident.

Cybersecurity & Infrastructure Security Agency (CISA) Alert (AA22-321A); Uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework to describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health (HPH).

MITRE’s Ten Strategies of a World-Class CSOC book, describing detailed strategies, including how they crosscut elements of people, process, and technology to build, manage, and improve the CSOC.

Resources that provide Health Industry Cybersecurity Best Practices: Managing Threats and Protecting Patients (HICP).

MITRE Systems Engineering Guide, or SEG, conveys The MITRE Corporation’s accumulated wisdom on a wide range of systems engineering subjects—sufficient for understanding the essentials of the discipline and for translating this knowledge into practice in your own work environment.

Recommended actions and resources that critical infrastructure entities should implement to reduce the risk ransomware.

A Systems Security Engineering Approach; which defines cyber resiliency as the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.

Provides industry-led consensus-based guidelines, practices, and methodologies that aim to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the current most pertinent cybersecurity threats to the HPH sector

Crown Jewels Analysis (CJA) is a process for identifying those cyber assets that are most critical to achieve an organization’s key objectives and enable organizations to prioritize and apply limited resources effectively for cyber resiliency during a major cyber attack.

Hive is an exceptionally aggressive, financially-motivated ransomware group known to maintain sophisticated capabilities who have historically targeted healthcare organizations frequently. The Health Sector Cybersecurity Coordination Center (HC3) recommends the Healthcare and Public Health (HPH) Sector be aware of their operations and apply appropriate cybersecurity principles and practices found in this document in defending their infrastructure and data against compromise.

Incorporates feedback from earlier drafts and is based on the broader Cybersecurity Framework Version 1.1. It can be used as a guide to manage the risk of ransomware events—which includes helping to gauge an organization’s level of readiness to counter ransomware threats and to deal with the potential consequences of events.

A Guide to Maturing Cyber Defense Capabilities For HDO.

A lightweight assessment tool used to evaluate your overall cybersecurity operations and infrastructure.

A knowledge base of analytics developed by MITRE based on the MITRE ATT&CK adversary model.

An overview of how to set the scene for detection, and how to collect the right data points.

A collection of CISA cybersecurity services can that help organization identify, protect and respond to the ransomware threat.

NIST Reference designs that focuses on detailed methods and potential tool sets that can detect, mitigate, and contain data integrity events in the components of an enterprise network.

The CVSS Rubric consists of a structured set of questions and corresponding decision flow diagrams, along with medical device specific examples and guidance, to help assess a medical device vulnerability in a consistent and standardized way.

The ZTA Tech Watcher report explores the state of the technology today and provides background, applicability and benefits to organizations, outstanding challenges and issues, and recommendations.

Reference designs that uses commercially available technologies to develop solutions that could assist an organization in recovering from ransomware or other destructive events.

Reference designs that uses commercially available technologies to develop solutions that could assist an organization in identifying and protecting critical assets against ransomware or other destructive events.

H-ISAC, Health Information Sharing and Analysis Center, is a global, non-profit, member-driven organization offering healthcare stakeholders a trusted community and forum for coordinating, collaborating and sharing vital physical and cyber threat intelligence and best practices with each other.

Cybersecurity & Infrastructure Security Agency (CISA) overview on ransomware, what it is and what to do about it.

A collection of CISA cybersecurity services can that help the broader cybersecurity community gain visibility with vulnerability trends, adversarial activities and, effective mitigations for better protection of their networks.

International Medical Device Regulators Forum guidance document providing general principles and best practices
to facilitate international regulatory on medical device cybersecurity from pre-market to post-market.

CISA Webinar: Provides technical overview of prevalent ransomware actors, their targets, and provides recommendations on how organization could defend against the threat.

An overview of how to establish a User Awareness Training program. The EARNEST Practice helps educate End Users to be effective Cyber Sensors.

US-CERT is responsible for analyzing and reducing cyber threats, vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities.

Learn what phishing is and how you can spot and stop these attacks, regardless if you are at work or at home.

In this Software Engineering Institute (SEI) Cyber Minute, Rotem Guttman discusses “Mitigating Ransomware.

Center for Internet Security white paper on ransomware.

SANS Internet Storm Center provides free analysis and warning service to thousands of Internet users and organizations.

MITRE developed a rubric that provides guidance for how an analyst can utilize CVSS as part of a risk assessment for a medical device.

Center for Internet Security blog on ransomware facts, threat and countermeasures.

NIST resources on tips and tactics for preparing your organization for ransomware attacks.

Collection of Cybersecurity & Infrastructure Security Agency (CISA) ransomware guidance and resources.

Health and Human Services Ransomware and HIPAA fact sheet.

Health and Human Services Office for Civil Rights presentation on Ransomware prevention, recovery and breach risk assessment.

Cybersecurity & Infrastructure Security Agency (CISA) Alert (AA20-302A); Uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework to describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health (HPH).

National Institute of Standards and Technology (NIST) white paper providing recommendation to help managed service providers (MSPs) protecting data from ransomware and other data loss events.

Cybersecurity & Infrastructure Security Agency (CISA) security time (ST19-001); protecting against ransomware.

Matthew Halvorsen, Strategic Program Director for NCSC’s Supply Chain and Cyber Directorate, recently sat down with Gregory Garcia, the Executive Director for Cybersecurity of the Health Sector Coordinating Council, for an audio interview on current threats to the health care sector.

Overview of the Center for Internet Security® (CIS®), Malicious Domain Blocking and Reporting (MDBR) service offering to all public and private hospitals and related healthcare organizations in the United States. This service provides an additional layer of cybersecurity protection that is proven, effective, and easy to deploy.

The National Institute of Standards and Technology (NIST) Cybersecurity Framework is voluntary guidance intended to help organizations to better manage and reduce cybersecurity risk.

Ransomware best practices and recommendations are based on operational insight from the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC).

​​​Industry Advisory Committee paper presents real case studies and provides advice on how all Australians can best protect themselves from ransomware attacks.​ The advice is applicable to any country.

Laws and regulations that apply to programs, services, and activities receiving HHS Federal financial assistance.

Three steps any organization can take to manage their risk against ransomware.

Document that provides an aggregate of already existing Federal government and private industry best practices and mitigation strategies focused on the prevention and response to ransomware incidents.

Educational video on how to address the threat of ransomware attacks.

A collection of Health Sector Cybersecurity Coordination Center (HC3) resources to aid in the protection of vital, healthcare-related controlled information and ensure that cybersecurity information sharing is coordinated across the Health and Public Health Sector (HPH).

Report which examines cybersecurity threats and vulnerabilities that affect the healthcare industry. It explores (5) current threats and presents (10) practices to mitigate those threats.

Health Care Industry Cybersecurity Task Force report detailing findings on cybersecurity risk facing the healthcare industry.

InfraGard connects owners and operators within critical infrastructure to the FBI, to provide education, information sharing, networking, and workshops on emerging technologies and threats.

FBI bulletin containing 16 Conti ransomware attacks targeting US healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities within the last year.

Reference designs that uses commercially available technologies to develop solutions that could assist an organization in detecting and responding against ransomware or other destructive events.

An educational resource for digital health companies at all stages of growth on both the fundamentals and best practices for cybersecurity and privacy protection.

An overview of three Cybersecurity Maturity Models that can be used by an organization to baseline their current capabilities against best practices.

Cyber Tabletop Exercises (TTX) are a way to evaluate your cyber response plan with scenarios that identify gaps between what you’ve planned for and what can actually happen, practice roles and responsibilities, and improve communications throughout organizations.

Educational materials specifically designed to give HIPAA covered entities and business associates insight into how to respond to a cyber-related security incidents.

Resources that provide and overview of Cyber Resiliency and its implementation.

CRR is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices.

Steps for a HIPAA covered entity or its business associate (the entity) to take in response to a cyber-related security incident.

An overview of Cyber Assessments methods to bolster an organization’s ability to identify, protect, and detect cyber threats.

The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The score can help organizations properly assess and prioritize their vulnerability management processes.

CVE® is a list of records—each containing an identification number, a description, and at least one public reference—for publicly known cybersecurity vulnerabilities.

A comprehensive strategic framework and recommendations for tackling the dramatically increasing and evolving threat of ransomware.

Best practice outlining three steps to resilience against ransomware for State and Local Partners.

CALDERA™ is a cybersecurity framework designed to easily run autonomous breach-and-simulation exercises. It can also be used to run manual red-team engagements or automated incident response.