Quantitative Risk Management in Healthcare Cybersecurity
TLP:WHITE
Please see the below the weekly threat brief from the HHS Health Sector Cybersecurity Coordination Center (HC3). This week’s briefing is on Quantitative Risk Management in Healthcare Cybersecurity and covers the following topics:
- Risk Management
- Risk Frameworks
- Qualitative Vs. Quantitative Risk Management
- Quantitative Approach Over Qualitative Measures
- Traditional Risk Management and the Way Forward
- Cyber Risk
- Data Needed for Quantitative Risk Management
- Examples of Quantitative Approaches
- Key Risk Indicators (KRIs)
- Some Metrics Used in Quantitative Risk Management
- Small Healthcare Organization Usage
- Case Study: Mayo Clinic Supply Chain Risk Management
- Data Breaches from 2019 Verizon Data Breach Investigation Report
- Legislation, Regulations and Standards
- Related Resources & News
- Potential Terror Threat Targeted at Health Sector – AHA & Health-ISAC Joint Threat Bulletin
- New Cybersecurity Policies Could Protect Patient Health Data
- CyberWire Podcast: PHP flaw sparks global attack wave
- Health-ISAC Hacking Healthcare 3-14-2025
- HSCC Aiming to Identify Healthcare Workflow Chokepoints
- New Healthcare Security Benchmark Highlights Key Investment Priorities and Risks
- Are Efforts to Help Secure Rural Hospitals Doing Any Good?
- CISA cuts $10 million annually from ISAC funding for states amid wider cyber cuts
- 2024 Health-ISAC Discussion Based Exercise Series After-Action Report
- Cobalt Strike takedown effort cuts cracked versions by 80%