A new paper from the Department of Health and Human Services (HHS) presents four pillars of action for critical healthcare cybersecurity measures, targeting processes and procedures that will make communities, hospitals, and patients more secure.
In early December 2023, the U.S. Department of Health and Human Services published a concept paper outlining imperative new guidelines for healthcare organizations tackling cybersecurity. The publication comes on the tailwind of the Biden-Harris administration’s National Cybersecurity Strategy, building off of that momentum with a renewed focus on one of the nation’s most high-risk sectors.
“Since entering office, the Biden-Harris Administration has worked to strengthen the nation’s defenses against cyberattacks,” HHS Secretary Xavier Becerra said in a press release. “The healthcare sector is particularly vulnerable, and the stakes are especially high. Our commitment to this work reflects that urgency and importance.”
Why is cybersecurity important in healthcare as we move into the new year? Sensitive data exposure from health records can lead to identity theft and more serious attacks, painting a glaring target on the entire industry. Information collected from the HHS and its Office for Civil Rights (OCR) shows an astounding 278% increase in large breaches involving ransomware from 2018 to 2022 and a 93% increase in large breaches reported overall.
Preventing these precisely targeted and unrelenting attacks requires more than just a few security scans a month; organizations in the health sector need a consistent and holistic approach to securing the many web applications they use to share and receive sensitive information every day.
As the healthcare sector moves to adopt more strategically impactful cybersecurity policies, the concept paper outlines four key actions that should happen concurrently to reduce the number of cyber incidents and data breaches impacting healthcare:
The concept paper states: “HHS believes these goals, supports, and accountability measures can comprehensively and systematically advance the healthcare sector along the spectrum of cyber resiliency to better meet the growing threat of cyber incidents, especially for high-risk targets like hospitals.” Taking action on these priorities will help the sector move toward better security and enhanced privacy for all seeking safe access to healthcare technology.
In addition to these new guidelines and supporting initiatives, the HHS OCR plans to update the Health Insurance Portability and Accountability Act (HIPAA) Security Rule in 2024 to include vital new cybersecurity requirements. Because the agency also intends to implement additional Medicare and Medicaid security requirements, organizations in healthcare need to keep an eye on these changes in order to implement the right processes and tools to help them succeed.
Basic web application attacks were one of the top three patterns resulting in breaches for healthcare in 2022, according to Verizon’s 2023 Data Breach Investigations Report. There were 525 incidents in all, of which 436 were confirmed to involve data disclosure—with 67% of the compromised data containing personal information and 54% containing medical information.
As healthcare organizations move to keep sensitive information secure and comply with these new HHS directives, there is ample opportunity for streamlining web app security without disrupting development or user experience. Mature scanning tools are available that offer flexible deployment options and come equipped with built-in checks for HIPAA compliance so that organizations can hit their reporting goals with ease.
When time is of the essence (which it always is in software development), modern scanning tools like Invicti’s solutions keep healthcare organizations on schedule by eliminating hours of manual work and reducing tedious false positives. Seamless workflows take center stage: integrations and a full-featured REST API make automating security tasks a reality so that teams save time—and sanity—as they build innovative solutions for hospitals, patients, and their communities.
When reviewing solutions that get the job done, organizations in the healthcare sector should look for security tools that can:
At Invicti, we do all of that and then some. Looking ahead to future guidelines and regulations from the government, see how Invicti can help your hospital or healthcare organization stay secure 24/7, protect sensitive patient information, and maintain compliance.