Last week, HHS released several voluntary cybersecurity goals for healthcare organizations.
In 2023, healthcare organizations saw a massive increase in data breaches. These cyberattacks have had costly and harmful impacts on patients and organizations alike, but with constantly evolving attack tactics, they can be difficult to prevent.
The HHS is stepping in to provide goals and safeguards that could help prevent attacks, improve incident response, and minimize remaining risks. Last week, it released new guidance outlining cybersecurity goals for healthcare organizations.
The release of the goals follows an HHS concept paper from December, where the HHS acknowledged a 93% increase in large breaches between 2018 and 2022. The concept paper outlined a plan of action for the HHS, including establishing voluntary cybersecurity performance goals.
The voluntary goals are divided into two categories: essential goals and enhanced goals. Essential goals are designed to help healthcare organizations resolve common vulnerabilities with proper safeguards. Enhanced goals are designed to help companies reach “the next level of defense needed” in their cybersecurity capabilities.
The document outlines steps every healthcare company should take. Their essential goals, or goals that every organization should prioritize, are as follows:
The document also outlines several enhanced goals, or goals that companies should strive for to obtain top security measures. The goals are as follows:
According to the HHS, these goals were developed from common industry cybersecurity frameworks, guidelines, best practices, and strategies.
According to the document, “These resiliency-based goals complement HHS’ ongoing work to improve cybersecurity in medical devices through the Food and Drug Administration’s establishment of pre-market cybersecurity requirements and recommendations for medical devices.”
The authors further added they hoped the goals would “promote cybersecurity through the Office for Civil Rights’ continuous administration and enforcement of the Health Insurance Portability and Accountability Act Privacy, Security, and Breach notification rules.”
The HHS is aiming to create a more united front against attacks, with clearer industry standards and expectations.
Moreover, this list of goals is significantly more measurable than the overarching concept papers we have seen before. The HHS is providing actionable items for organizations to implement, which could result in greater compliance.
Ultimately, protecting against security vulnerabilities must become a priority for healthcare organizations. Without taking the proper steps, it’s easy to become a target. By using a list like the one from the HHS, organizations can ensure they are up to par with the latest security innovations and standards.
While this list of goals is helpful, it’s part of a larger plan from the HHS. We can soon expect them to release incentives for healthcare organizations to encourage compliance, as well as an HHS-wide strategy to improve accountability.
One of the essential goals of the HHS is email security. Many healthcare organizations are vulnerable to phishing attacks, often partly the result of insufficiently trained employees, human error, or faulty technology.
Paubox makes it simple to secure email; emails are always encrypted, taking out all guesswork and room for error. Furthermore, Paubox has never experienced a breach; our technology is reliable and HITRUST certified. To help your company meet the essential goals proposed by HHS, try Paubox today.