In the Pre-Conference Forum Cybersecurity HIMSS 2025 On March 3, a panel discussed the privacy standards for safe and interoperable health data. Hannah Galvin, CMIO with Cambridge Health, moderated the panel. The violation of the health health last year emerged quickly. This was a game change, the panel indicated.
«That particular ransomware attack was the result of vulnerability in a very commonly used remote access tool,» said Alex Enriquez, led by the cybersecurity solution with advance, Inc. «Many of us, all, we were affected by Covid.» The question was then: how do we get people to access the organization as long as they do not travel? That’s where MFA entered (multifactor authorization).
Erika Riethmiller, vice president and privacy director with Uchealth, said that medical care is a goal for attackers. «Not having an incident response plan on the privacy side of things is simply no longer acceptable,» he warned. Riethmiller told the audience that his organization still feels the effects downstream of a 2023 attack.
We need requirements, Riethmiller reiterated on The new notice of the security rule of the proposed regulation (NPRM) Introduced in December by the Department of Human Health Services (HHS). “The amendment was enormously powerful from a privacy perspective. When we respond to HHS consultations about infractions, infamous versions and revelations, we automatically present a unger on how we comply with the NIST cybersecurity frame.
