Cybersecurity Resources for Health Care Facilities
Managing threats to protect patients, staff and visitors is one of the primary responsibilities of a health care physical environment professional. ASHE seeks to aid members in developing effective cybersecurity best practices and policies at their facilities. This page includes links to cybersecurity recommendations, articles, resources and more.
- Health Care Cybersecurity Considerations for 2026: This Year’s Top 3 Cyber Risks | AHA Cyber & Risk Intel Blog
- Working to protect against cyber threats | An HFM Magazine interview with John Riggi, National Advisor for Cybersecurity and Risk, AHA
- Agency highlights need for better OT cybersecurity practices | HFM Magazine
Joint Cybersecurity Advisory TLP White:
AA20-302A - Ransomware Activity Targeting HPH Sector
This advisory describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health Sector (HPH) to infect systems with Ryuk ransomware for financial gain. Developed jointly by Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS).
Healthcare System Cybersecurity:
Readiness & Response Considerations
The HHS Office of the Assistant Secretary for Preparedness and Response (ASPR) has sponsored the ASPR Technical Resources, Assistance Center, and Information Exchange (TRACIE), designed to help health care facilities better prepare for the roles and responsibilities of team members before, during and after a cyber incident. Information within this document are specific to the effects of a cyber incident on the health care environment.
Best Practices Framework for Health Care Cyber Protection of MEP Systems
by Tim Koch PE, SASHE, LEED AP,
David Brearley GICSP, PMP, CISM;
Kent Choma PE, Ph.D.;
Owen Redwood CISSP, GICSP, Ph.D.
Nina Alli, M.S.
Cyber-risk mitigation is least expensive and most effective when implemented at the initial planning stage of a project. This monograph introduces best practices to mitigate cyber-risk for mechanical, electrical and plumbing (MEP) systems. Vulnerabilities to health care MEP cyberthreat include the disabling of a life safety system, equipment damage, disruption of facility operations or a cyber entry point to a larger hospital network. Cyber-risk increases as buildings and equipment become smarter, more connected and more reliant on networks.
Access the Management Monograph
Read more Cyber-protection advice for hospital MEP systems and the importance of Incorporating MEP into a broader cybersecurity strategy from HFM Magazine.
2026 Hospital Construction Survey
This annual report highlights the need for better security and cybersecurity planning, and trends in health care construction. Hospitals and other health care facilities are fighting increased instances of criminal activity — including cyberattacks. In response, health care officials have increased their physical security and cybersecurity to better protect their staff, patients and visitors.
Health care facilities battle cyberattacks during pandemic
As health care organizations have responded quickly to deal with the fast-moving nature of the COVID-19 pandemic, three major factors have contributed to creating a climate ripe for cyberattacks against the field. Check out the Health Facilities Management article here to learn more.
Building cybersecurity into health care facilities
A safer, more efficient and compliant environment for health care facilities can be achieved by using data analytics with inputs from field sensors and outputs to field controllers. However, as devices that make up a facility’s operational technology (OT) become more network connected, cyber risk expands. Check out this Health Facilities Management article to learn more.