The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) [1] [2] [4] [5] have collaborated to develop a comprehensive cybersecurity toolkit specifically designed for the healthcare sector. This toolkit aims to address resource and cyber capability gaps and is a joint effort by CISA, HHS, and the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group [5]. Its purpose is to provide healthcare IT security leaders with information, guidance [2] [5] [6], and practical tools to enhance the security posture of their organizations.


The Cybersecurity Toolkit for Healthcare and Public Health is a specialized resource that tackles the cybersecurity challenges faced by the healthcare sector [1]. It offers a range of resources to strengthen defenses against cyber threats, with a particular focus on under-resourced hospitals and health centers. The toolkit is suitable for organizations of all sizes and provides remedies for cyber hygiene [1], tools for building strong cybersecurity foundations [1], and resources for staying ahead of evolving threats [1].

The toolkit incorporates CISA’s Cyber Hygiene Services [5], which utilize vulnerability scanning to reduce the attack surface [5], as well as HHS’s Health Industry Cybersecurity Practices for enhancing cyber-resilience [3] [5]. It also includes the HPH Sector Cybersecurity Framework Implementation Guide by HHS and HSCC [4] [5], which assists in assessing and improving cyber-resilience.

In addition, the toolkit connects users to various cybersecurity resources [1], such as the Healthcare and Public Health Sector Coordinating Council and vulnerability scanning services provided by HHS and CISA [1]. It consolidates cybersecurity alerts [1], information about free services and tools [1], security training [1], and reporting portals [1]. The overall goal is to improve the cybersecurity posture of the healthcare sector and ensure the protection of sensitive patient data.


Securing healthcare organizations is of utmost importance due to the sensitive information they possess. The Cybersecurity Toolkit for Healthcare and Public Health aims to protect health organizations not only in the United States but also globally through collaboration tools. The healthcare industry has become a prime target for cybercriminals [3], given the valuable information it holds [3], and the increasing number of cyber attacks against healthcare organizations underscores the need for improved defenses [3].

By providing resources such as cyber-hygiene services [3], best practices [2] [3] [4], and tips for implementing the NIST Cybersecurity Framework [3], the toolkit equips healthcare IT security leaders with the necessary tools to mitigate risks and enhance their organizations’ cyber-resilience. It is a crucial step towards safeguarding patient data and ensuring the continued delivery of quality healthcare services.