The agency has issued proposed draft recommendations to guide incorporation of cybersecurity protections into medical devices at the time of manufacture.
Medical information is especially valuable to data thieves for a number of reasons.
The biggest security risk is that legacy systems have no vendor support, putting them at heightened risk for cyberattacks.
Hackers target vulnerabilities using legitimate software packages, a cybersecurity specialist says.
Many healthcare providers are unclear as to when a request is made by an individual pursuant to a HIPAA authorization versus a HIPAA access request, particularly when a patient wants records to be sent to a third party, a HIPAA compliance officer at a law firm explained.
Regardless of the challenges a smaller group might have, a risk assessment is a baseline for any HIPAA program. The cost of this assessment is considerably less than a HIPAA fine.