Becker's Healthcare April 12, 2024
The stark contrast between expectations placed on healthcare providers and the reality of our cybersecurity challenges has come into sharp focus since the attack on Change Healthcare.
Current rhetoric calls for holding healthcare CEOs and organizations directly accountable for breaches, which oversimplifies and misrepresents the issue, while blaming the victims rather than the cybercriminals attacking them. Yes, healthcare providers should be accountable for meeting cybersecurity requirements, but we also need support in defending against sophisticated international cybercriminals.
The federal government has an important role to play in providing specific requirements for healthcare cybersecurity. This includes creating accountability for meeting those requirements and shielding compliant organizations from liability. The requirements outlined in the HIPAA security rule could be updated...