On July 14, 2021, the U.S. Department of Homeland Security (DHS) launched a website intended to serve as a one-stop hub for ransomware resources. DHS stated that ransomware is a growing national security threat: $350 million in ransom was paid in 2020, and there have already been notable ransomware attacks in 2021. The intent of the new website is to collect resources from all federal agencies to assist organizations in protecting themselves against ransomware attacks and respond to incidents.
For the health care sector, the site links to several updates and resources, including resources compiled by the Cybersecurity Act of 2015, Section 405(d) Task Group. The task group created a publication in 2018 entitled Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients, two technical volumes on cybersecurity practices for small health care organizations and for medium to large health care organizations, and a volume of resources and templates. The Task Group identified the ten most effective actions to mitigate common threats to the health care system: email protection systems; endpoint protection systems; access management; data protection and loss prevention; asset management; network management; vulnerability management; incident response; medical device security; and cybersecurity policies.