We previously wrote about the newly proposed cybersecurity incentive law, HR 7898, which is aimed at making the healthcare industry more focused on keeping patient information secure. But what prompted talks of the new law? Over the course of the last year, hackers have exploited the coronavirus pandemic to send phishing emails, also known as click bait, seemingly from government agencies providing COVID updates. And then there was the SolarWinds hack that targeted the government agencies themselves. All of this pointed to the need to pass federal legislation regarding cybersecurity. To give healthcare organizations an overview of the cybersecurity landscape, this article discusses what to expect for healthcare cybersecurity in 2021.

What to Expect for 2021 Healthcare Cybersecurity

In light of the recent uptick in cyberattacks, the Biden administration announced that it would devote $10 billion to improve federal information technology. Although the plan does not specifically mention healthcare cybersecurity, many of the healthcare breaches occurring in 2020 were the result of the SolarWinds hack that targeted both the public and private sectors of the economy. 

President Biden is asking Congress for the following:

  • Improvement and expansion of the Technology Modernization Fund
  • Expert hires for cybersecurity technology and engineering
  • Investment in Technology Transformation Services in the General Services Administration
  • Improving incident response and security monitoring

These proposals will not only help improve the cybersecurity of federal agencies, but will also trickle down to other sectors including the healthcare industry. Ultimately, what will have the biggest impact on healthcare cybersecurity is the passing of the new HIPAA Safe Harbor, HR 7898.

“This legislation is helpful in that it encourages, but does not mandate, covered entities and business associates to adopt more comprehensive frameworks. HHS’ Office for Civil Rights would then take this into account as a show of information security good faith,” stated privacy attorney Adam Greene of the law firm Davis Wright Tremaine.

“The bill seems likely to encourage CEs or BAs to adopt more robust information management programs. A covered entity or business associate that chose to implement the NIST or other cybersecurity framework would likely be looking at additional and more enhanced processes and security measures to align its practices with these recognized practices, above and beyond what HIPAA requires, and provide an additional defense in the event of a security incident or breach,” stated regulatory attorney Krystyna Monticello of the law firm Attorneys at Oscislawski.

Third Party Verification and Validation
