The Israeli Ministry of Health (MoH) issued a new circular on the principles of cybersecurity defense in the Israeli health sector. The circular specifies the cybersecurity measures that must be taken to protect a health organization’s cyber assets (i.e., the personal and medical information stored in its databases); guides on appropriate cybersecurity risk management and cyber-attack preparedness and response; sets out the obligation to appoint a cybersecurity supervisor in the organization.
The circular applies to “Health Organizations” that provide healthcare services to the public (such as the MoH and its affiliated agencies, hospitals, HMOs, pharmacies, etc.). Yet it also has an indirect bearing on the Health Organizations’ service providers, through certain obligations imposed on Health Organizations regarding the proper management of cybersecurity risks arising from their use of service providers.
According to the circular, Health Organizations must prepare and implement a cyber protection policy that addresses key cybersecurity principles and risks, including the management and the establishment of an information security program per the ISO27799 standard.
CLICK HERE to read the MoH circular on cybersecurity defense in the health sector (in Hebrew).