Cybersecurity Measures Proposed For Healthcare Under HIPAA Update

The United States Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), has proposed new cybersecurity rules to update the HIPAA Security Rule and enhance the protection of electronic protected health information (ePHI) from cyber threats.

The proposal includes mandatory measures such as encryption of ePHI, multi-factor authentication, and regular vulnerability assessments. Organisations must also conduct annual compliance audits, restore critical data within 72 hours of a breach, and implement network segmentation and anti-malware tools.

This initiative comes in response to increasing ransomware attacks on healthcare systems, with 67% of organisations affected in 2024, according to Sophos. The World Health Organisation has labelled these attacks as critical threats, underscoring the urgency for international efforts to protect healthcare infrastructure and sensitive patient data.