HealthLeaders Media June 28, 2021
Scott Mace

Hospitals have thousands of such devices connected to their networks, capable of accessing EHR records.

The U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) issued a report last week finding that the Centers for Medicare & Medicaid Services’ (CMS) survey protocol does not include requirements for networked device cybersecurity.

Further, the report stated that CMS’ accreditation organizations (AO) do not use powers they possess to require hospitals to have such cybersecurity plans.

The OIG stated that hospitals that identify networked device cybersecurity as part of their emergency preparedness risk assessments can get their mitigation plans reviewed by AOs.

In practice, however, hospitals frequently fail to identify device cybersecurity in these risk assessments, the AOs told...

Today's Sponsors

Canton & Company

Today's Sponsors


Today's Sponsor

Crossover Health

Topics: Cybersecurity, EMR / EHR, Govt Agencies, Health IT, Health System / Hospital, HHS, Insurance, Medical Devices, Medicare, OIG, Provider, Survey / Study, Technology, Trends
FTC Warns Health App Vendors: Comply with the Health Breach Notification Rule or Pay the Penalty!
FTC Warns Health Apps and Connected Device Companies to Comply With Health Breach Notification Rule
Study: Ransomware attacks on healthcare can lead to higher mortality rate
Healthcare Employee Cybersecurity Training is Lacking, Report Finds
Report: 22% of providers saw death rates spike following a ransomware attack