AHA dubs HHS cybersecurity fines on hospitals thwarting attack strategy.

December 16, 2023

The American Hospital Association (AHA) has criticized the Department of Health and Human Services’ (HHS) proposed cybersecurity plans for healthcare, arguing that they may actually weaken a hospital’s ability to prevent cyber attacks.

  • The HHS proposed cybersecurity plan includes Medicare and Medicaid requirements, potential cyber prevention adherence strategies and potential HIPAA violation penalties.
  • The AHA believes that these will hold hospitals accountable for hacking incidents instead of providing them resources to prevent such incidents from happening in the future.
  • Under the HHS proposal, additional cybersecurity measures will be levied on hospitals and added to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule in spring 2024.

The HHS cybersecurity measures have been drafted in response to President Joe Biden’s National Cybersecurity Strategy, and they involve a four-step plan designed to fortify cyber resilience across the healthcare industry. While the AHA and the HHS share a common goal – the prevention of cyber attacks – the AHA argues that the HHS requirements may actually debilitate hospitals in their efforts.

A point of contention is the HHS aspiration for all hospitals to meet sector-specific Cybersecurity Performance Goals (CPGs). The AHA president and CEO, Rick Pollack, suggested that these types of measures could hold hospitals accountable for the actions of external hackers and therefore reduce their defensive capabilities.

The HHS has also proposed the creation of voluntary performance guides for specific healthcare and public health sectors. These would allow for prioritization and provide low-resource hospitals with upfront investment programs. In addition, HHS plans to encourage hospitals to invest in advanced cybersecurity practices through an incentive program.

Finally, the HHS has proposed the expansion of a “one-stop shop” cyber support feature that intends to improve internal coordination and partnerships with industry. It also aims to increase the HHS’s incident response capabilities.
