Health Law Highlights

HHS Must Take Immediate Action to Improve Cybersecurity at Large Healthcare Organizations

Summary of article from The HIPAA Journal, by Steve Adler:

Senator Ron Wyden has called on the Department of Health and Human Services (HHS) to take immediate action against large healthcare companies to strengthen their cybersecurity practices. He has criticized HHS for its lack of regulation and oversight, particularly in light of recent cyberattacks on major healthcare organizations, such as Change Healthcare and Ascension. Wyden has recommended the development and enforcement of minimum cybersecurity standards for systematically important entities (SIEs), including resilience to cyberattacks and business continuity. He also suggested that the HHS should stress test SIEs and prioritize their audits. Moreover, he has urged HHS to provide technical assistance and guidance to smaller healthcare organizations through the Centers for Medicare & Medicaid Services (CMS)’s Quality Improvement Organizations and Medicare Learning Network programs.