Securing Healthcare from Cyber Threats: An HHS Strategy Update

We Keep you Connected

Securing Healthcare from Cyber Threats: An HHS Strategy Update

Call us at: 877-275-4545

The healthcare industry faces rising cybersecurity risks that threaten patient safety and care. According to the U.S. Department of Health and Human Services (HHS), large healthcare data breaches are up 93% from 2018 to 2022, increasingly involving ransomware. These cyberattacks have disrupted hospital operations and delayed needed care.
To address this growing problem, HHS laid out a strategy centered on four main actions in their December 2023 report:
Together, the Healthcare and Public Health Sector aim to create Cybersecurity Performance Goals (HPH CPGs), which will streamline cybersecurity standards and help healthcare organizations prioritize cybersecurity practices.
HHS will work with the government to fund and enforce 2 programs: an upfront investments program to help high-need providers, and an incentives program to encourage implementation of HPH CPGs.
More than just voluntary action, HHS is working towards incorporating these new cybersecurity standards into regulatory requirements. Specifically, CMS will propose new cybersecurity requirements through Medicare and Medicaid, and the OCR will update HIPAA in spring 2024 to include new cybersecurity requirements. They are also looking to increase monetary penalties for HIPAA violations and new ways to scale their proactive auditing process.
This pillar aims to deepen government partnership with the healthcare industry and increase HHS’s incident response capabilities.
These action items acknowledge that technology alone cannot secure healthcare data. Continuous training is critical to building an organizational culture of cyber awareness and accountability at all levels. HHS advises healthcare workers to undergo regular phishing simulations, incident response drills, and education on spotting threats. Facilities must ensure their workforce has the knowledge to serve as a key line of defense.
Achieving robust healthcare cybersecurity will require efforts across government, industry, and individual healthcare staff, but the payoff will be safer care delivery shielded from growing digital threats. With diligent training and layered technical controls guided by HHS’s strategy, the healthcare sector can secure data and focus on its most important job – helping patients.
We are proud to announce the launch of the HIPAA[…]
A Risk Assessment is required in order to comply with[…]
One of the administrative requirements of the HIPAA Security Rule[…]

Privacy Policy
Terms of Service
© 2024 · HIPAA Secure Now!