At the HIMSS 2025 cybersecurity pre-conference forum on March 3, a panel discussed privacy requirements for safe and interoperable health information. Hannah Galvin, CMIO with Cambridge Health, moderated the panel. Last year's Change Healthcare breach quickly came up. This was a game changer, the panel indicated.
“That particular ransomware attack was because of a vulnerability on a very commonly used remote access tool,” Alex Enriquez, cybersecurity solution lead with Avanade, Inc., said. “A lot of us, all of us, were impacted by COVID.” The question then was: How do we get people access to the organization while not traveling? That's where MFA (multi-factor authentication) came in.
Erika Riethmiller, VP and chief privacy officer with UCHealth, noted that healthcare is such a target for attackers. “Not having an incident response plan on the privacy side of things is not acceptable anymore,” she cautioned. Riethmiller told the audience that her organization still feels the downstream effects of a 2023 attack.
We need requirements, Riethmiller reiterated about the new security rule notice of proposed rulemaking (NPRM) released in December by the Department of Health and Human Services (HHS). “The amendment was hugely powerful from a privacy perspective. When we respond to HHS inquiries about breaches, notorious releases, and disclosures, we routinely submit a one-pager about how we comply with the NIST Cybersecurity Framework.