Why HHS ’ Cybersecurity Concept Paper Falls Short for Healthcare

The following is a guest article by Chris Bowen, Founder and CISO at ClearDATA.

The recent cybersecurity concept paper from HHS, while a gesture towards progress, falls critically short of what is imperative in today's climate. In an era where HHS itself notes a 93% increase in large healthcare data breaches from 2018 to 2022, as well as a 278% increase in those that involve ransomware, suggesting "voluntary cybersecurity goals" is akin to applying a band-aid to a hemorrhage. It is time for HHS to mandate and enforce rigorous, prescriptive cybersecurity standards.

First and foremost, if you are treating patients, there should be a clear mandate for certain minimum cybersecurity standards. For example, in the healthcare industry we have to abide by HIPAA — a law that helps protect the privacy and security of people's health information. We cannot serve our patients if we do not ensure that protected health information (PHI) is kept private.

For healthcare organizations, and the organizations that support healthcare, some minimum cybersecurity standard mandates should include encryption that is required rather than merely addressable, both at rest and in flight, using up-to-date encryption algorithms. Implementing granular role-based access, multi-factor authentication (MFA), network segregation, and robust, effective disaster recovery measures that are tested regularly can also increase resiliency should a ransomware attack occur.

The HHS als...
Source: EMR and HIPAA (blog), category: Information Technology.