A set of new requirements proposed by the US Department of Health and Human Services’ (HHS) Office for Civil Rights could bring healthcare organizations up to par with modern cybersecurity practices. The proposal, posted to the Federal Register on Friday, includes requirements for multifactor authentication, data encryption and routine scans for vulnerabilities and breaches. It would also make the use of anti-malware protection mandatory for systems handling sensitive information, along with network segmentation, the implementation of separate controls for data backup and recovery, and yearly audits to check for compliance.
HHS also shared a
→ Continue reading at Engadget
