What the Proposed Healthcare Cybersecurity Regulations Mean for Your Organization

What the Proposed Healthcare Cybersecurity Regulations Mean for Your Organization

The healthcare industry is the sixth most attacked industry by cyber threats, according to the 2022 IBM Security X-Force Threat Intelligence Index. Of the attacks against healthcare organizations, 57% exploited vulnerabilities, 38% utilized ransomware, and 29% used phishing. With healthcare groups dealing with such sensitive data, it’s crucial for this industry to enhance its cybersecurity regulations to fight ongoing attacks.

And that’s where the Healthcare Cybersecurity Act of 2022 comes in.

What is the Healthcare Cybersecurity Act of 2022?

healthcare cybersecurity regulations

In 2022, U.S. Senators Jacky Rosen (D-NV) and Bill Cassidy, MD (R-LA) brought the Healthcare Cybersecurity Act of 2022 to Congress (Congress.gov, 2023). The bill proposes that the Cybersecurity and Infrastructure Security Agency (CISA) and Health and Human Services (HHS) work together to strengthen the digital infrastructure of the public health and healthcare sector. The bill aims to protect patients’ sensitive data from cyber threats and reduce the number of ransomware attacks (Security Intelligence, 2022).

“In light of the threat of Russian cyberattacks, we must take proactive steps to enhance the cybersecurity of our healthcare and public health entities,” Senator Rosen said in a press release. “Hospitals and health centers are part of our critical infrastructure and increasingly the targets of malicious cyberattacks, which can result in data breaches, the cost of care being driven up, and negative patient health outcomes. This bipartisan bill will help strengthen cybersecurity protections and protect lives.”

“Health centers save lives and hold a lot of sensitive, personal information. This makes them a prime target for cyber-attacks,” Senator Dr. Cassidy said in the same press release. “This bill protects patients’ data and public health by strengthening our resilience to cyber warfare.”

The healthcare cybersecurity regulations outline new roles and actions for the CISA and HHS to accomplish their goals. Healthcare groups would be required to receive cybersecurity training on mitigating the risk of cyberattacks and data breaches.

HHS will update the Healthcare and Public Health Sector Specific Plan, which outlines the strategy to increase the sector’s infrastructure security and resiliency. The CISA will conduct a detailed study to address cybersecurity challenges due to COVID-19, cybersecurity personnel shortages, and the impacts on rural, small, and medium-sized healthcare groups.

What Does It Mean for Your Facility?

Currently, the bill is still in the introductory phase. If it passes and is signed into law, the cybersecurity regulations may require healthcare organizations to implement enhanced security measures and encryption programs. Healthcare workers can expect to undergo cybersecurity training.

“This proposed bill represents the latest in a series of efforts to ensure that healthcare facilities and their business partners get with the times and shore up their defenses against the constant threat of PHI breaches and blackmail due to cyberattacks,” Nick Youmans, CFO, says. “As criminal methods continue to become more sophisticated – and their use more frequent, so too must we adapt as an industry to mitigate privacy and security risk, eliminating any oversight that would compromise the integrity of PHI.”

The YES Blog will share more developments regarding the Healthcare Cybersecurity Act of 2022 as they are released. In the meantime, review our services for support with your medical codingcompliance auditscorporate coding team education, and more.

YES HIM Consulting

healthcare cybersecurity regulations

Subscribe to our Newsletter

HOW CAN WE HELP? LET’S DISCUSS!

By clicking Submit, you agree to YES HIM Consulting's Privacy Policy and Terms of Use.