New Version of Security Risk Assessment Tool has Important New Features

Today, October 31, is the last day of National Cyber Awareness Month (NCSAM), so NAHC wants to inform you that the Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) have released version 3.1 of the popular HHS Security Risk Assessment (SRA) Tool. You can download this latest version at that link.

The Security Risk Assessment Tool is designed to aid small and medium sized health care organizations in their efforts to assess security risks and help reduce the chance of being impacted by malware, ransomware, and other cyber attacks.

The current version of the SRA Tool includes functionality updates based on public input.  New features include:

  • Threat and vulnerability validation;
  • Improved asset and vendor management (multi-select and delete functions added);
  • Incorporation of NIST Cybersecurity Framework references;
  • Capability to export the Detailed Report to Excel;
  • Addition of question flagging and a Flagged Report; and
  • Bug fixes and improved stability.

Download the SRA Tool and be sure to review the User Guide for tips on using this interactive tool. If you have any questions about the SRA Tool, email the Help Desk or view the materials and audio recording of the August 2019 SRA Tool webinar.

ONC and OCR will continue to make improvements to the SRA Tool, so please reach out via the Health IT Feedback Form with suggestions.