HHS: New cybersecurity regs on the way for hospitals

By Adrianne Appel2023-12-07T18:34:00

Hospitals can soon expect to see new draft cybersecurity regulations, according to the Department of Health and Human Services (HHS).

The HHS outlined its cybersecurity strategy for the healthcare sector in a concept paper released Wednesday that also described voluntary performance goals. The goals are intended to help the industry prepare for forthcoming enforceable standards, the agency said.

In addition, the Centers for Medicare and Medicaid Services is expected to propose new cybersecurity requirements for hospitals through Medicare and Medicaid, per the HHS.

THIS IS MEMBERS-ONLY CONTENT

JOIN NOW

You are not logged in and do not have access to members-only content.

If you are already a registered user or a member, SIGN IN now.

News Brief
CISA creates new portal for businesses to file cyber incident reports

2024-09-05T19:08:00Z By Adrianne Appel

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has created a new online portal for organizations to voluntarily report cybersecurity incidents, including ransomware attacks.
News Brief
Change Healthcare facing HHS probe following crippling cyberattack

2024-03-14T19:45:00Z By Adrianne Appel

Change Healthcare, a health payment processor hit by a crippling cyberattack in February, is under investigation by the Department of Health and Human Services’ Office for Civil Rights.
News Brief
Montefiore Medical Center to pay $4.8M over employee’s data theft

2024-02-07T21:51:00Z By Adrianne Appel

Montefiore Medical Center agreed to pay $4.75 million to settle allegations by the Department of Health and Human Services’ Office for Civil Rights that failures by the New York City nonprofit facility allowed an employee to steal and sell patient information for six months.

More from Regulatory Policy

Article
Navigate SEC cautiously during shutdown, experts advise

2025-10-31T17:50:00Z By Adrianne Appel

The U.S. government shutdown has brought most operations at the Securities and Exchange Commission (SEC) to a screeching halt, but that doesn’t mean compliance teams should be taking a breather, experts advised.
Article
Complying with the EU Data Act – What companies should know

2025-10-30T19:39:00Z By Neil Hodge

Companies could face significant compliance challenges in trying to meet new EU legal requirements about how companies share data with third parties.
Article
California climate rules cause uncertainty as CARB delays draft guidance

2025-10-27T20:16:00Z By Adrianne Appel

California has delayed the release of draft greenhouse gas reporting rules for businesses until early 2026, the California Air Resources Board said.

HHS: New cybersecurity regs on the way for hospitals

THIS IS MEMBERS-ONLY CONTENT

Related articles

CISA creates new portal for businesses to file cyber incident reports

Change Healthcare facing HHS probe following crippling cyberattack

Montefiore Medical Center to pay $4.8M over employee’s data theft

More from Regulatory Policy

Navigate SEC cautiously during shutdown, experts advise

Complying with the EU Data Act – What companies should know

California climate rules cause uncertainty as CARB delays draft guidance