
New HIPAA Rules Require 72-Hour Data Restoration and Annual Compliance Audits


The United States Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has proposed new cybersecurity requirements for healthcare organizations, intended to better protect patients’ electronic health information from cyber attacks.

As part of a broader federal initiative to strengthen the cybersecurity of critical infrastructure, OCR has proposed modifications to the Security Rule issued under the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The stated goal is to update the Security Rule’s standards, which were last substantially revised in 2013, so that they address the threats the healthcare sector now faces. Note that this is a proposed rule: the requirements described below are not in force until a final rule is published.

Key components of the proposed rule include maintaining and regularly reviewing a technology asset inventory and network map, conducting a risk analysis that identifies vulnerabilities in electronic information systems, and establishing written procedures to restore the loss of relevant electronic information systems and data within 72 hours. Covered entities and business associates would also be required to perform a compliance audit at least once every 12 months, encrypt electronic protected health information (ePHI) both at rest and in transit, implement multi-factor authentication, deploy anti-malware protection, and remove unnecessary software from systems that handle ePHI. The proposal would make these specifications uniformly required, removing the current Security Rule distinction between “required” and “addressable” implementation specifications.

The proposal further mandates network segmentation, technical controls for backup and recovery, vulnerability scanning at least every six months, and penetration testing at least once a year. These measures are aimed squarely at ransomware, which in healthcare carries not only financial risk but direct risk to patient safety when clinical systems and patient records become unavailable.

According to industry reports cited in connection with the proposal, 67% of healthcare organizations were hit by ransomware in 2024, up from 34% in 2021. Exploited vulnerabilities, compromised credentials, and malicious email were identified as the most common root causes. Of the organizations whose data was encrypted, 53% paid a ransom, with payments averaging $1.5 million.

Recovery has also become slower: only 22% of victims fully recovered within a week, compared with 54% in 2022. Security practitioners point to this gap as the reason the proposed 72-hour restoration requirement matters in practice, since most organizations cannot currently meet it.

The World Health Organization (WHO) has likewise described ransomware attacks on healthcare systems as a matter of life and death and has called for international cooperation to protect critical healthcare infrastructure from cybercriminals.

Because healthcare remains a prime target for attackers due to the sensitivity and value of the data it holds, organizations would do well to treat the proposed requirements as a baseline to build toward now rather than waiting for the final rule.

Robust controls of the kind described above, backed by the annual audits and tested recovery procedures the proposal would require, are what will ultimately safeguard the integrity and availability of healthcare data in an increasingly interconnected environment.
