HSCC Releases 5-Year Strategic Plan for Improving Healthcare Cybersecurity

Healthcare cyberattacks are increasing each year in number and severity. In 2023, almost 740 healthcare data breaches were reported to the HHS’ Office for Civil Rights, and those breaches affected more than 136 million individuals, breaking previous records for both the number of data breaches and the individuals affected. It is clear that cybersecurity in healthcare is in a critical state, and if nothing changes, more unwanted records will be broken in 2024.

The Health Sector Coordinating Council (HSCC), a public-private coalition that represents 425 healthcare industry entities and government agencies, recently unveiled a 5-year strategic plan for the healthcare and public health sector at the ViVE 2024 conference. HSCC explained that cyberattacks and data breaches are occurring due to increasingly connected and remote use of digital health technology, widely distributed portability of health data, and shortages of qualified healthcare cybersecurity professionals. The sprawling and increased complexity of the connected healthcare ecosystem creates risks such as unanticipated and poorly understood interdependencies; unknown inherited security weaknesses; overreliance on vendor solutions; systems that fail to adequately account for human factors related to cybersecurity controls; and inconsistencies between software and equipment lifecycles. Hackers are finding it far too easy to exploit the vulnerabilities.

The Health Industry Cybersecurity Strategic Plan (HIC-SP) aims to improve healthcare cybersecurity from the current critical status to stable by 2029. HSCC explained that the cybersecurity status of the healthcare industry was rated critical in 2017 when the Health Care Industry Cybersecurity Task Force issued a report on improving cybersecurity in the healthcare industry. The HIC-SP builds on the recommendations made in the report and aims to improve healthcare cybersecurity through the implementation of foundational cybersecurity programs that address the operational, technological, and governance challenges posed by significant healthcare industry trends over the next five years.

HSCC has worked to establish current industry trends that are likely to continue over the next 5 years, determined their likely impact on healthcare cybersecurity, and made recommendations for proactively addressing those trends. The sector is likely to continue to incorporate emerging technologies, is unlikely to address current workforce and management challenges, and is likely to see continued instability in the healthcare supply chain. The HIC-SP assesses how these and other trends may present continuous or emerging cybersecurity challenges, and recommendations are made on how the healthcare sector and government should prepare for those changes with broad cybersecurity principles and specific actions.

The aim is to provide C-Suite executives with actionable and measurable risk reduction activities based on the current cybersecurity landscape and projected industry trends. Healthcare security decision-makers can use the HIC-SP to inform decisions about cybersecurity investments and the implementation of specific cybersecurity measures, and since the HIC-SP is modular, organizations can use it to identify high-level goals and implement objectives to address the areas in most need of attention.

The HSCC says the HIC-SP complements other efforts to improve healthcare cybersecurity, such as the HHS’ Healthcare Sector Cybersecurity Strategy that was published in December 2023 and the voluntary healthcare cybersecurity performance goals announced by the HHS in January. Together with its government partners, the HSCC Cybersecurity Working Group will be working to achieve the goals of the plan through education and policy incentives, and plans to release a set of measurable outcomes and metrics for success by the end of the year. By 2029, it is hoped that healthcare cybersecurity will have become as ingrained as a public health and patient safety standard.

The post HSCC Releases 5-Year Strategic Plan for Improving Healthcare Cybersecurity appeared first on HIPAA Journal.