New HHS Cybersecurity Guidance Released
We’ve talked about the rapid rise of cyberattacks quite a bit in past newsletters. In response to the threats healthcare providers are facing, HHS recently released a new guide in line with the NIST Cybersecurity Framework.

The Cybersecurity Framework Implementation Guide aims to help providers protect themselves and their patients by adopting practical and effective cybersecurity measures.

According to the guide itself, it was created to help healthcare organizations “understand and leverage the NIST Cybersecurity Framework's Informative References in their implementation of sound cybersecurity and cyber risk management programs, address the five Core Function areas of the NIST Cybersecurity Framework to ensure alignment with national standards, help organizations assess and improve their level of cyber resiliency, and provide suggestions on how to link cybersecurity with their overall information security and privacy risk management activities."

The guidance was created with the additional goal of helping healthcare leadership to:

  • Understand NIST Cybersecurity Framework terminology, concepts, and benefits,
  • Assess their current and targeted cybersecurity posture,
  • Identify gaps in their current programs and workforce,
  • Identify current practices that help address recommended NIST Cybersecurity Framework outcomes.
While the guide was not created to replace your current cybersecurity program or be the one-stop shop for compliance, it is a valuable resource to pull from for cybersecurity best practices and risk management. It also provides some shared language around the topic of cybersecurity for organizations in the healthcare industry.

There are no legal requirements within the guide, but organizations that voluntarily adopt these best practices will set themselves up for success in securing patient data.

As you consider and assess your current cybersecurity posture, keep in mind the value of the protected data your organization stores, and the growing number of attacks within your industry. Taking proactive security steps is the number one way you can protect your patients from data theft and prevent the financial and reputational costs of a breach.

The Medcurity guided Security Risk Assessment was built to bring clarity and confidence to your HIPAA compliance journey. If you want to know where your cybersecurity vulnerabilities lie, conducting your Security Risk Assessment as required by HIPAA is a critical first step. By analyzing and evaluating your current cybersecurity posture, you can identify gaps and potential vulnerabilities to the security and privacy of patient data.

Once your Security Risk Assessment is complete, the Medcurity platform will automatically generate a complete prioritized task list for you to be able to take your next steps in securing PHI. Once the task list has been generated, you’ll be able to see your greatest areas of risk and what to do to address them. Technical safeguard recommendations within the Medcurity platform are regularly updated to match current healthcare cybersecurity best practices and to meet new regulations. Our compliance experts do the research for you, so that you can experience your one-stop shop for HIPAA compliance tools and resources.
Our team at Medcurity is here to help you with HIPAA compliance. If you have questions about HIPAA technical requirements, or would like to view a demo of the Medcurity HIPAA compliance platform, give us a call.