Navigating New York’s Cybersecurity Regulations for Hospitals

Unwilling to wait for the federal government to implement its cybersecurity regulations in healthcare, New York decided to take matters into its own hands by adopting groundbreaking new legislation. On October 2nd, the New York Department of Health announced new state cybersecurity requirements for hospitals, under Section 405.46 of Title 10. “New York state finalizing […]

AI Regulation in the US and Beyond: What You Need to Know

In an extremely rare event, on May 16, 2023, industry leaders appeared before Congress to plead for regulation. Sam Altman, CEO of OpenAI, appeared before the Senate Judiciary Committee seeking to work with the federal government to create parameters for AI creators to ensure the tool would not cause “significant harm to the world.” Altman […]

Is “Sorry” Good Enough? Insights from UHG’s Change Healthcare Testimony

On Wednesday, May 1, Andrew Witty, CEO of United Health Group (UHG), appeared before two congressional committees to discuss the recent Change Healthcare Breach. Mr. Witty expressed deep regret for the significant disruption the incident caused throughout the healthcare sector. During his testimony, he provided insight into how the attack happened, evaluated United Health Group’s […]

Congressional Scrutiny of Healthcare Cyber Risks

On April 16th, healthcare industry leaders gathered in Washington, DC to testify to the Energy and Commerce Health Subcommittee on the topic of “Examining Health Sector Cybersecurity in the Wake of the Change Healthcare Attack.” The insights these leaders shared around the sector-wide risks facing healthcare and the potential steps forward to address them were […]

Charting a Wellness Plan for Healthcare Cybersecurity

The journey to cybersecurity resilience in healthcare is not a solo endeavor. It requires coordination among several pivotal organizations. At the heart of this collaborative effort is the Health Sector Coordinating Council Cybersecurity Working Group (HSCC CWG), a team designated by the U.S. government as a critical infrastructure advisory council. The HSCC CWG exemplifies a […]

How to Successfully Navigate HIPAA Cybersecurity Requirements

In a world where technology evolves faster than we can say “cybersecurity,” one might wonder if the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is still relevant. Surprisingly, it’s not just relevant; it’s an unsung guardian of our healthcare data. Compliance with HIPAA is essential for healthcare organizations to maintain data security and […]

The Evolution and Impact of NIST CSF 2.0

NIST, or the U.S. National Institute of Standards and Technology, is at the forefront of the evolving realm of cybersecurity. Their goal is to provide recommendations that can be used as guideposts for industry best practices and more efficient ways of working. However, cybersecurity is notoriously difficult to build standards around because the threat landscape […]

How the 405(d) Program and Task Group is Helping Healthcare Security

Healthcare organizations continue to be prime targets for malicious actors. OCR data in a recent Health IT Security article showed more than 127 breaches reported so far in 2022 had impacted over 6 million individuals. In addition to increased threats, the healthcare industry has the highest cost per incident at $9.23 million, up $2 million […]

How Proposed 2021 HIPAA Changes Will Affect Your Healthcare IT

On January 21, 2021, an important development in cybersecurity news was released. The United States Department of Health and Human Services (HHS) and the Office for Civil Rights (OCR) issued a Notice of Proposed Rulemaking (NPRM) to modify the Standards for the Privacy of Individually Identifiable Health Information (Privacy Rule) under the Health Insurance Portability and Accountability Act […]

Recommendations on NIST Resource Guide

Fortified recently responded to an opportunity from NIST to comment on the utility of NIST Special Publication (SP) 800-66, Revision 1, commonly referred to as the Resource Guide. The Resource Guide and other industry standards are critical to the success of our clients to safeguard electronic protected health information (ePHI) and personally identifiable information (PII). […]