
The Department of Health and Human Services (HHS) has proposed new HIPAA cybersecurity rules requiring 72-hour data restoration and annual audits for healthcare organizations. The updated rules aim to protect electronic protected health information (ePHI) by mandating encryption, multi-factor authentication, and more robust security practices in response to rising ransomware attacks in healthcare.

Key Updates:

  • 72-Hour Data Restoration: Healthcare organizations must restore critical data within 72 hours of an incident.
  • Annual Compliance Audits: Regular cybersecurity audits are now mandatory to ensure organizations meet evolving standards.
  • Mandatory Encryption: ePHI must be encrypted both at rest and in transit.
  • Additional Security Requirements: These include multi-factor authentication, anti-malware protection, network segmentation, and regular vulnerability scanning.

Why It Matters:

As ransomware attacks continue to rise in healthcare, these new rules will help safeguard patient data and ensure organizations are better prepared to handle cyber threats.

At Isogent, we’re committed to helping healthcare organizations comply with these new guidelines, strengthening cybersecurity practices to protect critical systems and patient data.
