CISA announces initiative to bolster critical infrastructure against nation-state cyberattacks

The Cybersecurity and Infrastructure Security Agency has launched a new initiative for critical infrastructure to defend against cyberattacks through proactive isolation and recovery planning. The initiative, called "CI Fortify," seeks to ensure that organizations can sustain essential operations following incidents during geopolitical conflicts. CISA said that isolation includes measures such as proactively disconnecting from third-party and business networks to prevent cyber impacts to operational technology, which could allow essential services to continue during emergencies rather than completely shutting down. Recovery measures include documenting systems, backing up critical files, and practicing the replacement of systems or transitioning to manual systems if isolation fails and components are rendered inoperable.

"This initiative provides excellent and timely guidance for hospitals and health systems to prepare them to continue delivering essential services in the event of a destructive nation-state cyberattack or ransomware attack," said John Riggi, AHA national advisor for cybersecurity and risk. "Cyber resilience is essential to maintain patient care and safety during any incident which disrupts access to health care technology. Coincidentally, this follows the AHA and Joint Commission's new Cyber Resilience Readiness program, which also helps hospitals and health systems with sustaining clinical continuity during extended cyber-related technology outages."

For more information on this or other cyber and risk issues, contact Riggi at [email protected]. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.