Closing Out 2022: Upcoming Changes for the Healthcare Industry

As a result of the COVID-19 pandemic, telehealth skyrocketed in popularity. But with its adoption out of necessity came more security incidents and breaches, and telehealth quickly became a target for threat actors. Prior to COVID, the equipment used for patient care was located on premises. With telemedicine, remote patient monitoring capabilities, third-party internet connections, and the use of video conferencing platforms are making this industry a prime target for hackers with malicious intent.

Telemedicine issues, combined with the big shifts we are seeing in laws, threats of cyberwar, the rapid growth of the ransomware threat, and more, are making for a complex healthcare compliance environment and have escalated the need for advanced security measures.

Let’s take a look at what we’ve seen so far this year and what the healthcare industry can expect in the rest of 2022.  

HITRUST i1 promotes security best practices  

The launch of the HITRUST Implemented One-Year (i1) Assessment is a game changer for the healthcare industry. The framework’s control requirements were selected to promote superior security, ensure best practices, provide assurance against moderate risk and always remain up to date. 

The HITRUST i1 is much more attainable than the HITRUST Risk-based, Two-year (r2) Assessment, as it does not require overly robust security resources to be in place. The HITRUST i1 will not need a significant amount of time and resources, making it much more achievable for smaller organizations or those operating with fewer resources.

Cyberinsurance policies are changing. Don’t get shut out.   

Cybersecurity insurance is difficult to get and even tougher to keep! In today’s changing landscape, as the risk of a breach increases – as well as its potential cost – cyberinsurance companies are rethinking the role of compliance as they grant policies. A clean compliance report used to earn you a discount on your policy. These days, more and more insurers are denying coverage altogether for companies that can’t demonstrate compliance. That’s not just for new policies – your renewal could be at risk without an up-to-date compliance report from a respected auditor. We expect to see this trend continue as we progress through the second half of 2022 and beyond.

Taking a proactive approach to cybersecurity   

It’s important to understand how your organization’s IT systems would hold up in a real-world attack scenario, which is quite valuable given the current global threat environment. Based on penetration tests we’ve recently conducted, it’s obvious that people aren’t taking updates seriously. In June alone, Microsoft held ‘Zero days’ and found 55 flaws.  When a large vendor, like Microsoft, has these vulnerabilities, we see an uptick in pen tests and the need to stay ahead of the curve in patch management. 

Routine pen tests (at minimum once a year) can reassure both governments and private organizations that their current safety protocols are up to date. But for real-world protection, conducting pen tests more often will help to better protect your organization. For an extra layer of protection, organizations should consider adding a vulnerability scan to their penetration tests as well. Vulnerability scans check an organization’s network and systems for any known vulnerabilities against a database of vulnerability information. Paired with pen tests, vulnerability scans let organizations more effectively enhance their security posture by taking a truly proactive approach to cybersecurity.

Using technology to streamline compliance   

As a healthcare organization, you understand the importance of compliance certifications, continuous monitoring and cybersecurity policies and procedures. What if there was a more efficient way to conduct multiple audits and have a positive impact on revenue? A-SCEND, A-LIGN’s compliance management and audit automation software, reduces the time spent preparing for various audits and assessments, deduplicates efforts and provides a crosswalk to additional certifications. This SaaS platform allows users to upload evidence and reuse it across multiple efforts, making the audit process well-planned and efficient.

For more information on how A-LIGN can help your organization achieve compliance, contact us today.