Cybersecurity Resources for Health Care Facilities


Managing threats to protect patients, staff and visitors is one of the primary responsibilities of a health care physical environment professional. ASHE seeks to aid members in developing effective cybersecurity best practices and policies at their facilities. This page includes links to cybersecurity recommendations, articles, resources and more.


Joint Cybersecurity Advisory report cover

Joint Cybersecurity Advisory TLP White:
AA20-302A - Ransomware Activity Targeting HPH Sector

This advisory describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health Sector (HPH) to infect systems with Ryuk ransomware for financial gain. Developed jointly by Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS).

Read more

Healthcare System Cybersecurity report cover

Healthcare System Cybersecurity:
Readiness & Response Considerations

The HHS Office of the Assistant Secretary for Preparedness and Response (ASPR) has sponsored the ASPR Technical Resources, Assistance Center, and Information Exchange (TRACIE), designed to help health care facilities better prepare for the roles and responsibilities of team members before, during and after a cyber incident. Information within this document are specific to the effects of a cyber incident on the health care environment.

Read more

Framework for Health Care Cyber Protection of MEP Systems report cover

Best Practices Framework for Health Care Cyber Protection of MEP Systems

by Tim Koch PE, SASHE, LEED AP,
     David Brearley GICSP, PMP, CISM;
     Kent Choma PE, Ph.D.;
     Owen Redwood CISSP, GICSP, Ph.D.
     Nina Alli, M.S.

Cyber-risk mitigation is least expensive and most effective when implemented at the initial planning stage of a project. This monograph introduces best practices to mitigate cyber-risk for mechanical, electrical and plumbing (MEP) systems. Vulnerabilities to health care MEP cyberthreat include the disabling of a life safety system, equipment damage, disruption of facility operations or a cyber entry point to a larger hospital network. Cyber-risk increases as buildings and equipment become smarter, more connected and more reliant on networks.

Read more

Health care facilities battle cyberattacks during pandemic magazine cover

Health care facilities battle cyberattacks during pandemic

As health care organizations have responded quickly to deal with the fast-moving nature of the COVID-19 pandemic, three major factors have contributed to creating a climate ripe for cyberattacks against the field. Check out the Health Facilities Management article here to learn more. 

Read more

Building cybersecurity into health care facilities magazine cover

Building cybersecurity into health care facilities

A safer, more efficient and compliant environment for health care facilities can be achieved by using data analytics with inputs from field sensors and outputs to field controllers. However, as devices that make up a facility‚Äôs operational technology (OT) become more network connected, cyber risk expands. Check out this Health Facilities Management article to learn more. 

Read more