HealthLeaders Media June 28, 2021
Scott Mace

Hospitals have thousands of such devices connected to their networks, capable of accessing EHR records.

The U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) issued a report last week finding that the Centers for Medicare & Medicaid Services’ (CMS) survey protocol does not include requirements for networked device cybersecurity.

Further, the report stated that CMS’ accreditation organizations (AO) do not use powers they possess to require hospitals to have such cybersecurity plans.

The OIG stated that hospitals that identify networked device cybersecurity as part of their emergency preparedness risk assessments can get their mitigation plans reviewed by AOs.

In practice, however, hospitals frequently fail to identify device cybersecurity in these risk assessments, the AOs told...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

 
Topics: Cybersecurity, EMR / EHR, Govt Agencies, Health IT, Health System / Hospital, HHS, Insurance, Medical Devices, Medicare, OIG, Provider, Survey / Study, Technology, Trends
As Change reviews data impacted by cyberattack, here's what the notification process could look like
Healthcare security culture steadily improving, but gaps remain
CISA proposes rule for hospitals to disclose ransom payments
What Change Healthcare And The Postal Service Can Tell Us About The Coming Platform Revolution
UnitedHealth pays $3.3B to providers following Change hack

Share This Article