Healthcare’s Monthly Cyber Briefing

The Return of OCR Audits: What It Means and How to Prepare for Potential Action 

The Office for Civil Rights (OCR) indicated last year that they would initiate a new round of HIPAA Audits, and we have confirmation that audits are indeed happening across the healthcare industry. The 2024-2025 HIPAA Audits will review 50 covered entities’ and business associates’ compliance with selected provisions of the HIPAA Security Rule most relevant to hacking and ransomware attacks. 

Andrew Mahler, Clearwater’s Vice President of Privacy & Compliance Services and a former OCR investigator, will join Iliana Peters, a distinguished expert in data privacy and security and a former senior official at HHS, for our February Cyber Briefing. Together, they will provide insight into OCR’s goals for this new round of audits, their potential impact on the proposed updates to the HIPAA Security Rule, broader efforts to regulate healthcare cybersecurity practices, and how organizations can best prepare for the possibility of being audited. 

Andrew and Iliana’s discussion will follow Clearwater CEO Steve Cagle’s review of the latest known threats targeting healthcare organizations and other cybersecurity developments that healthcare leaders should be monitoring.  

Early 2025 Vulnerability Trends and the Future Data Encryption Risk Hackers are Betting On Now

Drawing on Clearwater’s field experience providing vulnerability management services, Clearwater Corporate CISO and CTO of Managed Security Services team Steve Akers will share our latest insight on the key issues that healthcare organizations face across their diverse environments. In addition, Cybersecurity Consulting team leader Dave Bailey will discuss harvest now decrypt later (HNDL) attacks and how organizations should be thinking about this emerging risk.

These topics will follow Steve Cagle’s review of new threats and regulatory developments over the past month and recommendations for how to respond.

Lessons From the Field: Cybersecurity Trends Across the Healthcare Ecosystem

From attacks on hospitals that have disrupted operations for weeks to attacks on suppliers that have halted the critical flow of blood across an entire region of the country and the flow of financial information across much of the industry, healthcare’s cybersecurity practices and resiliency have been put to the test in a very profound way over the past year. While teams have risen to the challenge heroically time and again, the events of the last 12 months have underscored some important realities that every healthcare organization must face:

• We function as an interconnected ecosystem and an attack on one entity can quickly impact thousands of others
• The rapid recoverability of IT resources is vital to safeguarding patient care

Our April Cyber Briefing will feature an expert panel of senior Clearwater consultants who work across the healthcare ecosystem. They will share lessons learned from their work with hospitals and health systems, physician practice management groups, and healthcare technology companies and discuss cybersecurity trends we are seeing in different sectors that can have ripple effects across the industry.

The discussion will be moderated by Clearwater CEO Steve Cagle and follow Steve’s review of the latest cybersecurity threats and regulatory developments impacting healthcare organizations.

Alliance Agenda: A Discussion on HSCC’s Vision for Advancing Healthcare Cybersecurity

On April 2nd, Gregory Garcia, Executive Director of the Healthcare and Public Health Sector Coordinating Council (HSCC) Cybersecurity Working Group, testified before the House Energy & Commerce Oversight Subcommittee. The message: Real progress in cybersecurity requires robust public-private collaboration toward smarter, more effective cyber policy where government and industry work together to strengthen healthcare’s digital resilience and patient safety. Shortly after, HSCC released Forward Path 2025, a coordinated set of recommendations that offer a constructive alternative to the HIPAA NPRM and a roadmap for federal support of cybersecurity in healthcare. Join Lisa Munro, Director of Marketing at Clearwater, and former HHS 405(d) Engagement Lead as she sits down with Garcia for a candid conversation about the future of healthcare cybersecurity policy. This discussion promises to provide an in-depth look at the intersection of government action and industry innovation, exploring what recent developments mean for the sector and how stakeholders can navigate the changing landscape.  

Their conversation will follow Steve Cagle’s monthly review of the latest cybersecurity threats and regulatory developments impacting the healthcare sector.

Info coming soon!

Info coming soon!

Info coming soon!

Info coming soon!

Info coming soon!

Info coming soon!

Info coming soon!