The U.S. Department of Health and Human Services has issued a Notice of Proposed Rulemaking to amend the Health Insurance Portability and Accountability Act’s Security Rule. The update – the first in over a decade – includes changes to definitions and a shift to all implementation specifications being “required”. Changes include improved cybersecurity measures, regular asset inventory and risk analysis, written procedures for patch management and swift notification to relevant bodies upon a security incident. The proposal remains open to public comment.
Massachusetts health firm reaches $80,000 settlement with HHS following ransomware investigation
The U.S. Department of Health and Human Services (HHS) has fined Elgon Information Systems $80,000 following a ransomware attack in 2023 that saw over 31,000
