Industry Continues to Push Back on HIPAA Security Rule Overhaul
Healthcare cyberattacks are on the rise, but industry organizations say the proposed changes to the security rules fall short of what's needed.
The Proposal tag covers proposals that could shape cybersecurity policy, technical standards, incident response, and protections for digital systems.
Search across headline titles and summaries.
Background for this topic.
A proposal is a documented plan for introducing, changing, or funding a security measure, policy, architecture, or project. It turns a problem or requirement into a decision by defining scope, objectives, options, cost, dependencies, owners, and implementation criteria. In security reporting, it may cover a vulnerability-remediation plan, access-control redesign, security tooling purchase, or response to a proposed technical standard.
Its security value depends on connecting identified threats and vulnerabilities to specific controls and verification steps. Reviewers should examine assumptions about assets, trust boundaries, data handling, and third parties; privacy and regulatory constraints where personal data is involved; and plans for testing, rollout, monitoring, exception handling, and reassessment. A proposal that omits residual risk, ownership, measurable acceptance criteria, or maintenance can leave weaknesses unresolved after approval.
Weekly headline count for the current query.
Healthcare cyberattacks are on the rise, but industry organizations say the proposed changes to the security rules fall short of what's needed.
The proposed restructuring plan would address many concerns related to the social media platform, but risks remain for security teams.
Healthcare and IT security practitioners worry some of the proposed amendments are not practical for a sector that lacks resources and often uses legacy equipment.
Healthcare organizations of all shapes and sizes will be held to a stricter standard of cybersecurity starting in 2025 with new proposed rules, but not all have the budget for it.
The proposed settlement would amount to roughly $20 per Apple product that has Siri enabled, for each plaintiff.
The changes to the healthcare privacy regulation with technical controls such as network segmentation, multi-factor authentication, and encryption. The changes would strengthen cybersecurity protections for electronic health information and address evolving threats against healthcare entities.
While a number of threat groups have used TP-Link bugs to infiltrate networks, a proposed ban of the company's popular routers is more about geopolitics than actual cybersecurity — and that may not be a bad thing.
FCC Chairwoman Jessica Rosenworcel proposed "urgent action" to safeguard the nation's communications systems from real and present cybersecurity threats.
The proposed rules codify existing temporary directives requiring pipeline and railroad operators to report cyber incidents and create cyber risk management plans.
The hotel giant will be held to higher security standards in a series of proposed requirements, including implementing a new annually reviewed security program.
An exploratory research proposal is recommending regulation of AI chips and stronger governance measures to keep up with the rapid technical innovations in artificial intelligence.
Privacy concerns see the proposed digital identity system paused until February.
US government organizations responsible for making sure healthcare products are safe and effective have proposed rules and are soliciting industry feedback regarding artificial intelligence and machine learning.
A more proactive approach to fighting cyberattacks for US companies and agencies is shaping up under the CISA's proposal to emphasize real-time attack detection and response.
The Security and Exchange Commission's Proposed Rule for Public Companies (PPRC) is ambiguous.
Tailor your business project proposal to suit the language your company's CISO speaks, be it business, technical, or compliance. Do your research first and gather support from around the company.
The proposed attestation form is meant to help secure the software chain and formalizes the role of the SBOM as the first line of defense.
Always reach for defense in depth with proposed security changes. Measure and test results, focus on items of greatest impact, and get C-suite members involved to drive better outcomes.
If the proposed rule is approved, organizations would need to disclose all data breaches, even one that does not cause any harm, to affected customers.
The new White House plan outlines proposed minimum security requirements in critical infrastructure — and for shifting liability for software products to vendors.