Priya Patel
TLDR:
Key Points:
- Focusing on meeting HHS’ essential and enhanced cybersecurity performance goals is crucial for healthcare sector entities.
- The fiscal 2025 budget proposal by the Biden administration allocates $1.3 billion towards health sector cybersecurity.
Why HHS’ Cybersecurity Goals Aren’t Necessarily Voluntary
An article published by Marianne Kolbasuk McGee discusses the importance of healthcare organizations in meeting the “voluntary” essential and enhanced cybersecurity performance goals set by the Department of Health and Human Services (HHS). Kate Pierce from Fortified Heath Security emphasizes the significance of achieving these goals before they become regulatory mandates. The fiscal 2025 budget proposal by the Biden administration, allocating $1.3 billion towards health sector cybersecurity, is seen as a boost for cash-strapped healthcare entities to begin implementing the recommended standards. The essential cybersecurity performance goals include multiple aspects such as mitigating known vulnerabilities, using email security, multifactor authentication, encryption, and more. Meeting these goals is essential to protect the healthcare sector from cyber threats and potential regulatory consequences.
Pierce suggests that entities should focus on achieving the minimum standards set by HHS to ensure cybersecurity readiness and resilience. Additionally, HHS is expected to transition these voluntary standards into regulatory requirements in the coming years, making it essential for healthcare organizations to start working on meeting the set goals. By working collectively to meet these standards, the healthcare sector can reduce its attractiveness as a target for cybercriminals and enhance its overall cybersecurity posture.
