Breaking Down Some of the HHS’s Most Important New Voluntary Guidelines for Healthcare Cybersecurity

Breaking Down Some of the HHS’s Most Important New Voluntary Guidelines for Healthcare Cybersecurity

The healthcare industry is the most commonly targeted industry for data breaches, with one report from 2017 reporting the healthcare breaches accounted for over 40% of that year’s reported breaches. An earlier report found that there was an average of at least one health data breach per day in 2016, and that these attacks affected more than 27 million patient records over the course of the year. Experts warn that these attack attempts will continue to increase, as long as there is valuable data that can be accessed.

Cyber attacks against healthcare organizations create significant financial implications and threats to public health. In 2016 alone, the United States healthcare system lost $6.2 billion due to cybersecurity related events. As way of addressing this potential crisis, the Department of Health and Human Services (HHS) released brand new guidelines pertaining to cybersecurity practices for the healthcare industry. The aim of this release was to give healthcare providers additional resources to help cost-effectively reduce cybersecurity risks. HHS describes the voluntary guidelines, called ‘Health Industry Cybersecurity Practices: Managing Threats and Protection Patients,’ as “cost-effective methods that a range of healthcare organizations at every size and resource level can use to reduce cybersecurity risks.”

HHS put together a task force of more than 150 health care and cybersecurity experts from the public and private sectors to develop and draft the “voluntary, consensus-based, and industry-led guidelines, best practices, methodologies, procedures, and processes,” aimed at achieving three core goals:

  1. Reducing cybersecurity risks for a range of healthcare organizations in a cost-effective manner.
  2. Supporting the voluntary adoption and implementation of HHS recommendations.
  3. Ensuring that content is actionable, practical and relevant to health care stakeholders of every size and resource level on an ongoing basis.

The guide identifies the five current cybersecurity threats that are facing the healthcare industry.

The top five current threats are:

  1. E-mail phishing attacks
  2. Ransomware attacks
  3. Loss or theft of equipment or data
  4. Insider, accidental or intentional data loss
  5. Attacks against connected medical devices that may affect patient safety

The guide also recommends best practices for mitigating cybersecurity threats, which are consistent with the National Institute for Standards and Technology (NIST) “Five Functions” system.

The ten best practices for mitigating cybersecurity threats are:

  1. E-mail protection systems
  2. Endpoint protection systems
  3. Access management
  4. Data protection and loss prevention
  5. Asset management
  6. Network management
  7. Vulnerability management
  8. Incident response
  9. Medical device security
  10. Cybersecurity policies

The guidelines put forth by HHS provide valuable information on critical threats related to

the health sector. The frequency of cyber attacks on healthcare organizations makes it essential to continuously strengthen cybersecurity and more effectively tackle cyber threats. It is crucial for healthcare organizations to prioritize cyber risk services and cybersecurity efforts in order to reduce patient privacy risks, better protect patient safety and preserve their organizations’ reputations and finances.

About Connected Risk Solutions

At Connected Risk Solutions, we use our expertise and experience to provide insurance information and programs to those who serve long-term care and senior living facilities. Since 2007, we’ve been offering insurance and risk management plans designed to help our agents give their clients the ability to achieve continued growth while simultaneously protecting against loss, containing costs and increasing profitability. To learn more, contact us at (877) 890-9301.

About Connected Risk Solutions

At Connected Risk Solutions, we provide our agent partners with bold solutions for comprehensive insurance and risk management that are unmatched in the industry. We have market connections and collective decades of industry experience, including deep specialization in healthcare liability and managed care E&O, cyber and tech liability, management and professional liability, as well as captive management and risk management. We strive to develop creative solutions no other wholesaler can match and to help our agent partners give their clients the ability to achieve continued growth while simultaneously protecting against loss.

Our specialists, located in offices throughout the country, are responsive and engaged. To learn more, connect with us.

Table of Contents

Related Posts:
ConnectedRisk_HealthcareReform
Healthcare Reform and Its Impact on the Insurance Industry
The healthcare landscape is continually changing, and healthcare reform is a critical driver of change....
ConnectedRisk_SeniorCare
Looking at the Advancements in Senior Care
Senior care has undergone some extraneous advancements, and there are budding reasons for optimism. Now,...
ConnectedRisk_HealthcareStaffing
The Latest About Healthcare Staffing
The healthcare staffing industry is going through some changes as things fluctuate on the backend of...