NIST revises healthcare guidance to improve HIPAA Security Rule compliance
The National Institute of Standards and Technology (NIST) has updated its healthcare cybersecurity guidance, with a greater emphasis on risk management and enterprise risk management concepts. The guidance aims to inform the industry about security issues related to electronic protected health information (ePHI) within the context of the HIPAA Security Rule. It also addresses the challenges posed by telehealth, telemedicine, cloud services, and mobile device technology. The guidance includes resources to help healthcare organizations protect ePHI from ransomware and phishing. The US Department of Health and Human Services has observed an increase in cyberattacks on healthcare organizations.