HHS Releases Voluntary Cybersecurity Goals for the Healthcare Sector

From Healthcare Dive

Dive Brief:

  • The HHS released voluntary cybersecurity goals for healthcare and public health organizations on Wednesday, as the industry grapples with a growing number of large data breaches and ransomware attacks.
  • The performance goals, broken down into essential and enhanced safeguards, aim to help organizations prevent cyberattacks, improve their response if an incident occurs and minimize remaining risk after security measures are applied.
  • The resources come after the HHS released a concept paper in December, which detailed plans to create hospital cybersecurity requirements through Medicare and Medicaid and eventually update the HIPAA rule.

Dive Insight:

Healthcare data breaches — particularly those stemming from hacking — have risen over the past decade, exposing hundreds of millions of patients’ sensitive personal information or protected health data.

Breaches can be costly for healthcare organizations to manage, but cyberattacks that interrupt hospital operations are also a risk to patient safety.

Ransomware, where criminals demand payment in exchange for restored access to sensitive information and critical systems, can disrupt normal care for weeks.

Ardent Health Services, which runs facilities in multiple states, was hit by a ransomware attack on Thanksgiving, forcing the hospital operator to take its network offline and divert incoming ambulances. Ardent restored access to its electronic health record in early December and fully recovered its patient portal in January.

The new cybersecurity goals from the HHS aim to help healthcare organizations build layered protection against cyberattacks — so if one defense fails, another can serve as a backup — which the agency said is key to building resilience and protecting patients.

“We have a responsibility to help our health care system weather cyber threats, adapt to the evolving threat landscape, and build a more resilient sector,” HHS Deputy Secretary Andrea Palm said in a statement. “The release of these cybersecurity performance goals is a step forward for the sector as we look to propose new enforceable cybersecurity standards across HHS policies and programs that are informed by these CPGs.”

The essential goals, which include safeguards like email security, multifactor authentication and basic cybersecurity training for employees, create a base to help organizations manage common vulnerabilities.

The enhanced protections, like establishing processes to discover and address threats at vendors, separating critical assets into discrete network segments and cybersecurity testing, aim to help health systems mature their defenses.

Hospitals cheered the voluntary goals, with American Hospital Association president and CEO Rick Pollack recommending in an email statement that “all components of the healthcare sector implement these practices including third party technology providers and business associates.”

But the trade and lobbying group has previously argued that mandated cybersecurity standards tied to funding — which media reports suggest could be coming down the pike soon — could remove hospital resources that could be used to shore up their cyber defenses.

The post HHS Releases Voluntary Cybersecurity Goals for the Healthcare Sector appeared first on Pennsylvania Office of Rural Health.
