The U.S. Department of Health and Human Services on Wednesday released a sweeping strategy document outlining how the Biden administration proposes to nudge the healthcare sector into improving its often poor cybersecurity.
The strategy includes updating the HIPAA Security Rule in the next year, establishing new cybersecurity requirements for hospitals participating in Medicare and Medicaid programs, setting new voluntary cybersecurity performance goals for healthcare entities – including financial sticks and carrots to implement them – and expanding a “one-stop shop” where healthcare sector entities can tap HHS cybersecurity services and resources.