HealthLeaders Media June 28, 2021
Scott Mace

Hospitals have thousands of such devices connected to their networks, capable of accessing EHR records.

The U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) issued a report last week finding that the Centers for Medicare & Medicaid Services’ (CMS) survey protocol does not include requirements for networked device cybersecurity.

Further, the report stated that CMS’ accreditation organizations (AO) do not use powers they possess to require hospitals to have such cybersecurity plans.

The OIG stated that hospitals that identify networked device cybersecurity as part of their emergency preparedness risk assessments can get their mitigation plans reviewed by AOs.

In practice, however, hospitals frequently fail to identify device cybersecurity in these risk assessments, the AOs told...

Today's Sponsors

Venturous
Got healthcare questions? Just ask Transcarent

Today's Sponsor

Venturous

Continue Reading

 
Topics: Cybersecurity, EMR / EHR, Govt Agencies, Health IT, Health System / Hospital, HHS, Insurance, Medical Devices, Medicare, OIG, Provider, Survey / Study, Technology, Trends
Related Articles:
What B2B Firms Can Learn From Big Tech’s Cybersecurity Initiatives
Feds warn hospitals of cybersecurity risk in Chinese-made medical monitor
ViVE 2025: AI advances, cybersecurity, and what doctors and nurses need
Chinese medical devices are in health systems across U.S., and the government and hospitals are worried
HISAC Finds Ransomware & Third-Party Breaches Dominate 2025 Threats

Share This Article