The Healthcare Cybersecurity Act: an update to healthcare cybersecurity
Kapua Iao April 25, 2022
U.S. Senators Bill Cassidy, M.D. (R-LA) and Jacky Rosen (D-NV) recently introduced the Healthcare Cybersecurity Act, a new bill set to improve healthcare cybersecurity. Currently, healthcare organizations must demonstrate their compliance under HIPAA, the Health Insurance Portability and Accountability Act of 1996.
The bill directs the Department of Health and Human Services (HHS) to coordinate with the Cybersecurity and Infrastructure Security Agency (CISA). Such a collaboration can only benefit HIPAA covered entities and their patients, especially because an important facet of HIPAA is safeguarding patients’ protected health information (PHI).
SEE ALSO: HIPAA compliant email
What is the Healthcare Cybersecurity Act?
Introduced by U.S. Senators Bill Cassidy, M.D. (R-LA) and Jacky Rosen (D-NV), the Healthcare Cybersecurity Act advances healthcare cybersecurity. First, the act requires HHS and CISA to better ensure cybersecurity in the healthcare and public health sectors.
SEE ALSO: CISA urges organizations to protect against critical cyber threats
This is done through an agreement between the two agencies to coordinate the resources and products available to the sectors. Furthermore, the Healthcare Cybersecurity Act authorizes the two agencies to better manage healthcare cybersecurity training.
Employee awareness training should clarify what employees need to understand about recognizing and blocking cyber threats, and what to do if a data breach occurs. By supervising training, HHS and CISA can ensure that organizations focus on similar issues and mitigation techniques.
Finally, the bill requires CISA to conduct a study and issue a report on:
- How cybersecurity risks impact healthcare
- The challenges facing healthcare organizations when updating information systems
- Best practices for deploying CISA coordinators before, during, and after a breach
- Relevant healthcare cybersecurity workforce shortages
- Cybersecurity challenges during public health emergencies
- The most accessible and timely means to communicate and deploy recommendations and tools
Why is the Healthcare Cybersecurity Act necessary?
According to the act, the healthcare and public health sectors are increasingly attacked by threat actors, and such cyberattacks result not only in PHI breaches but also in increased costs for healthcare organizations and patients.
RELATED: The costs of ransomware attacks
According to recent guidance from HHS’ Office for Civil Rights, the number of breaches jumped 45% from 2019 to 2020. “Health centers save lives and hold a lot of sensitive, personal information,” said Senator Cassidy. “This bill protects patients’ data and public health by strengthening our resilience to cyber warfare.”
In fact, Senators Cassidy and Rosen introduced the Healthcare Cybersecurity Act after President Biden warned critical infrastructure operators to strengthen their defenses, given the current attacks against Ukraine and the increase in related nation-state threat activity. As stated by Senator Rosen,
In light of the threat of Russian cyberattacks, we must take proactive steps to enhance the cybersecurity of our healthcare and public health entities. Hospitals and health centers are part of our critical infrastructure and increasingly the targets of malicious cyberattacks, which can result in data breaches, the cost of care being driven up, and negative patient health outcomes. This bipartisan bill will help strengthen cybersecurity protections and protect lives.
Bolster and improve your cybersecurity
The Healthcare Cybersecurity Act emphasizes the importance of employee training, because trained employees help identify and block malware and other potential threats. But as discussed several times in the Paubox healthcare cybersecurity blog, training is essential but not enough on its own.
RELATED: Why anti-phishing training isn’t enough
Moreover, a sound cybersecurity program must include layers of security so that every endpoint and threat vector is covered. The final mix depends on the needs of each organization but should include employee training along with other best practices:
- Up-to-date policies and procedures
- Offline backup
- Antivirus software and firewalls
- Strong access controls (e.g., multi-factor authentication)
- Encryption for data in transit and at rest
- Patched and updated systems (especially legacy systems)
And of course, HIPAA compliant email to secure the most heavily used threat vector.
Strong email security with Paubox Email Suite Plus
One aspect of HIPAA cybersecurity that won’t change is the need for a well-built email security strategy. HIPAA compliant email provides a solid, secure communication method to help healthcare organizations provide better patient care.
RELATED: Why healthcare providers should use HIPAA compliant email
Paubox Email Suite Plus provides the needed email protection: our HITRUST CSF certified solution encrypts all outbound email.
Moreover, employees can send email directly from any existing email platform, such as Microsoft 365 or Google Workspace. No extra passwords or logins. No portals or prerequisites.
Even better, Paubox Email Suite Plus includes inbound security with robust malware, spam, and phishing protection built in. Our new Zero Trust Email feature adds a layer of authentication before an email is even delivered to an inbox, while ExecProtect keeps display name spoofing from causing inadvertent sharing and access.
When taking care of patients is a top priority, it is important to stay on top of new legislation and to understand what cyber protections, like HIPAA compliant email, can do for you.