Omnibus Bill Addresses Healthcare Cybersecurity

by | Dec 21, 2015

New cybersecurity measures specifically for the healthcare industry have been added to the Omnibus bill signed into law by Congress late last week. The aim of their inclusion is to help healthcare organizations tackle the growing danger of cyberattacks, and to supply them with the information and guidance they need to shore up their defenses, plug security gaps and become less susceptible to cyberattacks. This new legislation is included in the Cybersecurity Information Sharing Act, passed by Congress on Friday.

One of the ways that the new legislation will assist healthcare organizations is with the formation of a new Cybersecurity Task Force. This is due to take place during the first 90 days after the introduction of the new legislation. The purpose of the task force is to assess the current cyber threats facing the healthcare industry. The means used by cybercriminals to penetrate security defenses will be analyzed and vulnerabilities assessed. The task force will also examine how other industries are managing to repel attacks. Healthcare organizations will then be given guidance on the best actions to take to improve their defenses.

The data held by healthcare providers and insurers is highly valuable to cybercriminals, much more so than credit card numbers. Consequently, hackers have been attacking healthcare organizations with increased frequency and vigor. More sophisticated methods of attack are being formulated and the industry has been struggling to cope with the targeting. Budgetary constraints have also made it difficult for healthcare organizations to put in place appropriate defenses to deal with rapidly changing threats.

One of the main issues faced by small to medium-sized healthcare organizations is how to gain access to vital cybersecurity intelligence in real time. Such data must be made available to healthcare organizations if cyberattacks are to be effectively tackled, which means that information must be made available free of charge.

At present, only large, well-funded healthcare organizations are able to gain access to this information. Smaller healthcare providers simply do not have the funds necessary to gather the required intelligence.

The Healthcare Information Management Systems Society (HIMSS) has played a pivotal role in getting these new provisions introduced into the legislation. HIMSS has long called for more support to be given to the healthcare industry by the government to help organizations deal with new cybersecurity threats. Numerous conversations have been held between HIMSS and the Committee of Health, Education, Labor and Pensions. A number of recommendations made by HIMSS are now due to be acted upon.

The Department of Health and Human Services will also be asked to work more closely with the Department of Homeland Security, and along with guidance from NIST, will devise a new set of cybersecurity standards and best practices for healthcare organizations to adopt. New guidelines are to be produced which will allow healthcare organizations to draw up policies to deal with the current risk of cyberattacks and secure the Protected Health Information of patients more effectively.


Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelor's degree is from the University of Limerick and his master's degree in journalism is from Dublin City University.
