Cybersecurity Performance Goals and HIPAA

With cyber-attacks on the rise in healthcare, the HIPAA enforcer, the Department of Health and Human Services (HHS), has taken proactive measures to strengthen the sector's resilience against these growing threats. As covered entities and business associates adapt to emerging challenges, understanding and implementing the voluntary Healthcare and Public Health Sector-Specific Cybersecurity Performance Goals (HPH CPGs) is crucial.
HHS recognizes the dynamic nature of cybersecurity threats in the healthcare sector. The voluntary nature of the HPH CPGs does not mean compliance is optional. Because the initiative is currently voluntary, initial adoption may be modest. However, when the landscape shifts toward mandatory requirements, there will be a foreseeable rush to comply. Adopting policies now is an excellent strategy for staying ahead of potential mandates and ensuring a smoother transition.
The HHS has collaborated with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to adapt cross-sector Cybersecurity Performance Goals (CPGs) into sector-specific guidelines for healthcare. These goals, derived from industry cybersecurity frameworks, aim to strengthen cyber preparedness and protect patient information. 
The HPH CPGs are categorized into Essential Goals and Enhanced Goals, offering a comprehensive approach to cybersecurity. Essential Goals establish foundational practices to address common vulnerabilities, while Enhanced Goals promote advanced practices for a higher level of defense. Despite these 'voluntary' titles, it is important to remember that many of these goals are already required under HIPAA, such as employee training, an incident response plan, and a policy governing how access is granted to employees and how it is revoked.
The Essential Goals are:
Reduce the likelihood of threat actors exploiting known vulnerabilities.
Reduce the risk from common email-based threats.
Add an additional layer of security to protect assets.
Ensure organizational users learn and perform secure behaviors.
Deploy encryption to maintain confidentiality of sensitive data.
Promptly remove access for departing workforce members.
Ensure effective organizational responses to cybersecurity incidents.
Use unique credentials to detect anomalous activity.
Establish secondary accounts to prevent lateral movement.
Identify, assess, and mitigate risks associated with third-party products and services.
The Enhanced Goals are:
Identify known, unknown, and unmanaged assets for rapid risk detection.
Establish processes to respond to threats in assets provided by vendors.
Promptly respond to security incidents or breaches across vendors.
Discover and responsibly share vulnerabilities through testing and simulations.
Internally address prioritized vulnerabilities from testing and simulations.
Ensure organizational awareness and ability to respond to relevant threats.
Separate mission-critical assets into discrete network segments.
Collect telemetry for faster incident response and visibility.
Consistently maintain and update incident response plans.
Define and maintain secure device and system settings.
Understanding and embracing the HPH CPGs will be essential for healthcare organizations as the compliance and cybersecurity landscapes continue to evolve. Whether addressing foundational practices or advancing capabilities, these goals provide a comprehensive framework for safeguarding patient information.
© 2024 · HIPAA Secure Now!