HHS tells health systems: Ensure cyber safety, take it seriously!

December 30, 2023
1 min read

A new strategy has been unveiled by the Health and Human Services Department (HHS) to address rising cybersecurity incidents within the healthcare sector. The strategy includes providing incentives to improve data security, issuing beefed-up guidelines, and the potential for cuts in reimbursement. The HHS plans to establish voluntary cybersecurity performance goals for the healthcare sector and provide resources to encourage their implementation. Financial incentives will also be offered to help struggling hospitals cover the costs of installing cybersecurity performance goals. The HHS strategy will also include new cybersecurity requirements that will be enforced through the Centers for Medicare & Medicaid Services (CMS), as well as an update to the Health Insurance Portability and Accountability (HIPAA) Security Rule to include cybersecurity requirements. Some experts in the field have criticised the strategy, calling for more rigorous standards and resources to be provided by the department.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and