The Cybersecurity and Infrastructure Security Agency (CISA) published its new guidance “Mitigation Guide: Healthcare and Public Health (HPH) Sector,” which provides defensive mitigation strategy recommendations and best practices to combat cyber threats affecting the healthcare and public health sector.
 

CISA identified common vulnerabilities and insecure configurations across the HPH Sector, such as: 

• Web application vulnerabilities 
• Encryption weaknesses 
• Unsupported software 
• Unsupported Windows operating systems 
• Known exploited vulnerabilities 
• Vulnerable services

Suggested mitigation strategies include:

• Asset management and security
• Identity management and device security (including phishing prevention and password policies)
• Vulnerability, patch, and configuration management.

This looks like another good resource to help you benchmark your security best practices.