The U.S. Health and Human Services (HHS) wants to update HIPAA’s security rule for the first time in over 10 years in response to the growing cyberattacks in the healthcare industry. The proposed changes will aim to clarify instructions on securing electronic health data and require written security policies from organizations. The plan also includes a yearly update of technology asset inventories, regular risk analyses, and mandated multi-factor authentication.

Dispersed responsibility, lack of asset inventory is causing gaps in medical device cybersecurity
Witnesses at a House hearing on medical device cybersecurity highlighted the need for better tracking of devices and their vulnerability to cyber threats. They noted