HealthLeaders Media June 28, 2021
Scott Mace

Hospitals have thousands of such devices connected to their networks, capable of accessing EHR records.

The U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) issued a report last week finding that the Centers for Medicare & Medicaid Services’ (CMS) survey protocol does not include requirements for networked device cybersecurity.

Further, the report stated that CMS’ accreditation organizations (AO) do not use powers they possess to require hospitals to have such cybersecurity plans.

The OIG stated that hospitals that identify networked device cybersecurity as part of their emergency preparedness risk assessments can get their mitigation plans reviewed by AOs.

In practice, however, hospitals frequently fail to identify device cybersecurity in these risk assessments, the AOs told...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Cybersecurity, EMR / EHR, Govt Agencies, Health IT, Health System / Hospital, HHS, Insurance, Medical Devices, Medicare, OIG, Provider, Survey / Study, Technology, Trends
Related Articles:
UnitedHealth ghosts Congress on Change cyberattack — for now
Cyber insurance gaps stick firms with millions in uncovered losses
Congress Has A Big Chance To Investigate A Financial Threat To Patients
Majority of businesses worldwide are implementing zero trust, Gartner finds
Small medical practices will close because of Change cyberattack, says AMA

Share This Article