The U.S. Department of Health and Human Services (HHS) has revealed an extensive strategy to improve cybersecurity in the healthcare sector. The plan, introduced by the Biden administration, includes updates to the HIPAA Security Rule, new cybersecurity requirements for Medicare and Medicaid participants, voluntary performance goals, and an expanded “one-stop shop” for HHS cybersecurity services. The strategy addresses the increasing number of cyberattacks on medical facilities, emphasizing the impact on patient safety and the broader community. The proposed financial programs aim to incentivize healthcare entities to implement essential and enhanced cybersecurity practices, with a focus on both foundational and advanced measures. HHS envisions a two-tiered financial approach, featuring an upfront investments program to aid resource-strapped healthcare providers in implementing essential cybersecurity measures.
Additionally, an incentives program aims to encourage all hospitals to invest in advanced cybersecurity practices aligned with enhanced performance goals. The plan acknowledges the need for congressional approval for some proposals. HHS emphasizes collaboration with Congress to strengthen HIPAA enforcement, increase penalties, and enhance resources for investigating potential violations. While specific cybersecurity performance goals are not detailed, HHS envisions a blend of foundational and advanced practices to fortify the healthcare sector’s cybersecurity posture.