This CLE webinar will examine the challenges in HIPAA Security Rule compliance in an age of ever-increasing ransomware and cyberattacks. The panel will review the HIPAA Security Rule requirements and proposed amendments to the Rule, additional HHS agency guidance, and notable recent OCR settlements. The panel will offer best practices for cybersecurity compliance while mitigating the risk of HIPAA violations and enforcement action.
The healthcare industry continues to experience a significant rise in cyberattacks. In support of its recent release of the proposed revisions to the HIPAA Security Rule, OCR states that the number of people affected by cyberattacks every year "has skyrocketed exponentially." Since 2019, large breaches caused by hacking and ransomware have increased 89 percent and 102 percent. Despite years of HHS guidance and the agency's recent adoption of Cybersecurity Performance Goals, HHS felt it necessary to establish much of its prior guidance as regulatory requirements through the notice of proposed rulemaking released Dec. 27, 2024.
In a number of notable recent settlements, healthcare providers who were victims of ransomware attacks subsequently suffered hefty penalties for potential HIPAA violations as a result of OCR investigations triggered by the attacks. In addition to OCR enforcement, cyberattacks may trigger additional enforcement action by state Attorneys General and the expense of civil litigation. Finally, as part of its HITECH obligations, OCR announced initiation of its 2025 HIPAA Audit program targeting HIPAA Security Rule provisions.
Therefore, HIPAA covered entities and business associates should be up to date on HIPAA requirements impacting cybersecurity, including HHS' recently issued proposed changes to the HIPAA Security Rule and the latest agency guidance--e.g., HHS' and NIST's joint Cybersecurity Resource Guide and NIST's Cybersecurity Framework--to manage cybersecurity risks, remain compliant, and mitigate the risk of enforcement action.
Listen as our expert panel examines HIPAA compliance in the age of increased cyber threats. The panel will provide an overview of HIPAA requirements and the proposed HIPAA Security Rule revisions as well as the latest agency guidance. The panel will discuss lessons to be learned from notable recent settlements and offer best practices for mitigating the risk of cyber threats and possible subsequent enforcement actions.
