What’s Next in Health Care Cybersecurity?

December 04, 2024

A new report from the Office of Inspector General (OIG) offers new recommendations to the federal government as lawmakers and other stakeholders look to bolster health care cybersecurity heading into 2025.

The report, issued last week, comes amid a significant uptick in cyberattacks and ransomware threats that have affected the health care sector and ongoing discussions in Congress about what’s needed to address new digital threats.

Here’s what you need to know:

• General trend:  The number of data breaches across the sector has increased over the past few years. A recent federal report indicated there were 626 breaches reported affecting 500 or more individuals during 2022, a slight increase from 2021.
• OIG report:  Among its key recommendations, the OIG report indicated the Office for Civil Rights (OCR) should enhance its Health Insurance Portability and Accountability Act of 1996 (HIPAA) audit program to improve cybersecurity protections.
• Recommendations:  The report recommends OCR expand the scope of its HIPAA audits to ensure deficiencies are corrected quickly; better determine when a compliance review is needed; and define metrics to monitor the effectiveness of its audits.
• New and noteworthy:  Congress is evaluating next steps for health care cybersecurity. Last month, leaders from the Senate Health, Education, Labor, and Pensions (HELP) Committee introduced a bill that aims to improve coordination between federal agencies, offer grants to improve cybersecurity prevention and response, and modernize HIPAA cybersecurity best practices.
• Quotable:  “Cyberattacks on our health care sector not only put patients’ sensitive health data at risk but can delay life-saving care,” said Senator Bill Cassidy, (R-LA).

HAP will continue to monitor the latest cybersecurity trends and provide updates to members. The full OIG report and highlights are available online.