How Portnox Aligns with the New CISA Healthcare Cybersecurity Guidelines


2024 brings a whole new realm of CISA healthcare cybersecurity guidelines, and protecting PHI (Personal Health Information) is critical. Thankfully, Portnox is here to help!

In general, CISA healthcare industry guidelines boil down to three main areas…

1. Asset Management & Security

CISA healthcare guidelines here boil down to: know what’s on your network, know how it all works together, and know what vulnerabilities having this on your network might open you up to.

Portnox Offers: IoT Fingerprinting

IoMT (Internet of Medical Things) is projected to grow to $176 billion by 2026, and while this will bring exciting innovations for patient care, it will be a huge challenge for IT administrators trying to keep their networks secure. Our world-class IoT device trust features include IoT fingerprinting, which can identify devices on your network with 96% accuracy, so you can rest assured that if it’s out there, you’ll know what it is. We also offer secure MAB (MAC Address Bypass), so if your pacemaker is passing traffic like a laptop, you’ll get an alert.

And fingerprinting is not limited to IoT – we fingerprint managed and BYOD devices too!

2. Identity & Device Security

CISA healthcare guidelines here cover the need to train users in cybersecurity best practices, such as how to spot a phishing e-mail and how to protect your passwords. They also recommend implementing password managers, MFA, and EDR (Endpoint Detection and Response) software.

Portnox Offers: Passwordless Authentication & API Integration

Not only is certificate-based authentication more secure than an MFA/password combo, it also eliminates the problem covered by some of that user training. No need to worry about someone getting phished if there are no passwords to input. We also integrate with other security tools via REST API, so instead of having a million different tools that operate as silos, you can build a suite of security tools that work together. It won’t stop those texts asking for gift cards, though…you should definitely warn people about that.

3. Vulnerability, Patch & Configuration Management

This area of CISA healthcare security guidelines has two main requirements: 1) scan the devices on your network for vulnerabilities, and 2) keep up to date with patches. Any patches that fix security vulnerabilities should be applied quickly.

Portnox Offers: Cloud-Native Architecture, Risk Policies

First and foremost, Portnox itself is cloud-native, which means it is one less thing your IT team has to worry about patching and keeping up to date – what a relief! Second, our risk policies can prevent devices without certain patch/OS levels from connecting, or put them in quarantine so they can’t access anything until they update. This gives you peace of mind that there aren’t rogue Windows XP laptops hiding out there trying to log on.
