HSCC Publishes “MANAGING LEGACY TECHNOLOGY SECURITY”
Health Industry Cybersecurity
Announcing the publication of “Health Industry Cybersecurity – Managing Legacy Technology Security (HIC-MaLTS)” – a comprehensive guide to address the management of cyber risk caused by legacy technologies used in healthcare environments. The 115-page toolkit recommends cybersecurity strategies organized in modular, actionable components that both manufacturers and health providers can implement for legacy medical technology as a shared responsibility in the clinical environment and provides insights for designing future devices that are more secure.
Link to the guide on Health Sector Coordinating Council (HSCC) website:
Concurrently, the White House today released its “National Cybersecurity Strategy,” which envisions an increased emphasis on protecting the nation’s critical infrastructures from cyber threats and incidents. The HIC-MaLTS addresses that emphasis for healthcare through rigorously negotiated recommendations for cybersecurity management and accountability between health delivery organizations and medical technology companies involving legacy medical systems in the clinical environment. This will support our critical healthcare infrastructure and patient safety.
Who should use it?
The HIC-MaLTS details best practices and recommendations for medical device manufacturers (MDMs), healthcare delivery organizations (HDOs), and other technology providers whose products are used in healthcare environments.
What does it cover?
HIC-MaLTS covers, among other things:
- The “Core Pillars” of a comprehensive legacy technology cyber risk management program:
  - Governance: How should healthcare stakeholders govern to ensure effective legacy technology cyber risk management?
  - Communications: Internally, to their customers, regulators, and the public—how should organizations communicate to manage legacy technology risk?
  - Cyber Risk Management: For current and future legacy technologies, how should organizations manage cyber risk to limit current risk and avoid or minimize future risk?
  - Future Proofing: How should MDMs and other technology providers design, deploy, and maintain their technologies to avoid or lessen legacy technology risks?
HSCC Publications
All 17 of the HSCC Cybersecurity Working Group publications of leading practices and recommendations are available as a free public service at https://healthsectorcouncil.org/hscc-publications/. Additional forthcoming publications over the next quarter include:
- Joint Publication with HHS on health sector implementation of the NIST Cybersecurity Framework
- Medical Device Joint Security Plan v2, updating product security strategies for designing and building security into medical technology
- Healthcare Enterprise Incident Response Plan
- “Cybersecurity for the Clinician” video training series for practicing clinicians and students in the medical profession.