The US Department of Health and Human Services (HHS) is planning comprehensive efforts to enhance cybersecurity in the healthcare sector. These include setting voluntary cybersecurity performance goals, seeking legislation for incentive payments and tougher enforcement, and creating a ‘one-stop shop’ for sector cybersecurity support. The department is also working to incorporate these actions into existing regulations and will propose new cybersecurity requirements under Medicare, Medicaid, and HIPAA in 2024.

Dispersed responsibility, lack of asset inventory is causing gaps in medical device cybersecurity
Witnesses at a House hearing on medical device cybersecurity highlighted the need for better tracking of devices and their vulnerability to cyber threats. They noted