Becker's Healthcare July 1, 2021
CMS is considering adding new medical device cybersecurity requirements for hospitals participating in Medicare after receiving recommendations from the HHS Office of Inspector General, according to a June 30 GovInfoSecurity report.
1. CMS does not require accreditation organizations that review acute care hospitals for Medicare participation to ask about methods they use for securing network devices from cybersecurity threats, according to a June inspector general report cited by GovInfoSecurity.
2. Since CMS guidance on assessing hospitals’ compliance with its 23 conditions of participation in Medicare does not address medical device cybersecurity, the accreditation organizations don’t require hospitals to have cybersecurity plans for devices in place.
3. While accreditation organizations “sometimes...