Health Law Highlights

Healthcare Scores a B for Cybersecurity

Summary of article from The HIPAA Journal, by Steve Adler:

SecurityScorecard awarded the U.S. healthcare industry a B+ cybersecurity rating for the first half of 2024, despite significant breaches, including a major ransomware attack on Change Healthcare. The study assessed the top 500 publicly traded healthcare companies, revealing a mean security score of 88. Medical device manufacturers and suppliers had the lowest security scores within the sector, largely due to their extensive attack surfaces. Key areas for improvement include application security, DNS health, and network security, with common issues such as weak SSL/TLS protocols and outdated web browsers. Recommendations for enhancing security emphasize third-party risk management and improved application and endpoint security practices.