HHS: New cybersecurity regs on the way for hospitals
By 
Adrianne Appel2023-12-07T18:34:00
Hospitals can soon expect to see new draft cybersecurity regulations, according to the Department of Health and Human Services (HHS).
The HHS outlined its cybersecurity strategy for the healthcare sector in a concept paper released Wednesday that also described voluntary performance goals. The goals are intended to help the industry prepare for forthcoming enforceable standards, the agency said.
In addition, the Centers for Medicare and Medicaid Services is expected to propose new cybersecurity requirements for hospitals through Medicare and Medicaid, per the HHS.
Related articles
-
News BriefCISA creates new portal for businesses to file cyber incident reports
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has created a new online portal for organizations to voluntarily report cybersecurity incidents, including ransomware attacks.
-
News BriefChange Healthcare facing HHS probe following crippling cyberattack
Change Healthcare, a health payment processor hit by a crippling cyberattack in February, is under investigation by the Department of Health and Human Services’ Office for Civil Rights.
-
News BriefMontefiore Medical Center to pay $4.8M over employee’s data theft
Montefiore Medical Center agreed to pay $4.75 million to settle allegations by the Department of Health and Human Services’ Office for Civil Rights that failures by the New York City nonprofit facility allowed an employee to steal and sell patient information for six months.
More from Regulatory Policy
-
News BriefFinCEN again delays U.S. ban on three Mexican financial institutions
The order barring three Mexican financial institutions from doing business with U.S. financial institutions has been delayed until October.
-
Basic PageSEC taps military judge as Enforcement Division Director
The SEC has named Margaret “Meg” Ryan, a senior military judge and Harvard Law lecturer, as its next Enforcement Division Director—an unconventional pick that could signal changes in enforcement strategy.
-
ArticleCalifornia privacy regulator unveils new cyber, risk, and automation rules
Businesses operating in California will need to meet new, first-in-the-nation privacy requirements for cybersecurity, risk assessments, and automated decision-making technology, under a large expansion of rules by the state.