Healthcare’s Cybersecurity Overhaul: Navigating the New Federal Security Standards for Hospitals

by Dr. Scott Schell, Chief Medical Officer, Cognizant 06/09/2025


As cyber threats become increasingly sophisticated, proposed updates to federal healthcare cybersecurity standards have reignited debate across the industry. Introduced in December 2024, these regulations represent the first significant update to the Health Insurance Portability and Accountability Act’s (HIPAA) Security Rule, aiming to address the advent of AI, quantum computing and virtual reality. These changes mandate that HIPAA-covered entities encrypt data, implement multifactor authentication and conduct regular security audits. Additionally, they require written procedures to restore critical information systems and data within 72 hours of a security incident.

The comment period for the proposed rule closed in early March 2025, with more than 4,000 responses submitted. The healthcare sector is watching closely, yet even as the future of the rule remains uncertain, one thing is clear: cyberattacks are not waiting on legislation. The pressure to modernize cybersecurity infrastructure is mounting, and hospitals, especially smaller ones, face real challenges in doing so cost-effectively. The Department of Health and Human Services (HHS) estimates that the first-year costs of complying with the new standards will total approximately $9 billion, with annual costs for years two through five estimated at $6 billion. 

Large regional or multi-state healthcare systems have robust IT departments, which small hospitals cannot afford. Even the largest healthcare systems struggle with limited access to IT talent while their staff must maintain daily operations. How can these systems comply with new federal standards?

How Healthcare Systems Can Implement the New Standards

  1. Staff Augmentation: Healthcare providers can bolster their IT departments with flexible staffing solutions, ensuring they have the necessary resources to implement and maintain the new security standards. For example, hospitals may work with managed service providers (MSPs) to bring in specialized security staff, hire health IT consultants for short-term projects or tap freelance talent for help with specific needs like network security, compliance audits or cloud migration. This approach allows healthcare providers to scale their IT workforce as needed and tap into global talent pools to fill skill gaps and resource constraints. Staff augmentation gives access to a large pool of skilled professionals with specific healthcare industry experience, which is particularly helpful for addressing short-term talent needs, fulfilling skill gaps on projects or executing time-sensitive tasks tied to compliance deadlines.
  2. Advanced Tools and Technologies: Using advanced IT security and AI technologies can enhance cybersecurity measures, protect patient information and ensure compliance with the new regulations. Tools like AI-driven threat detection systems, for example, can monitor network activity and flag anomalies in real time to reduce the burden on overstretched IT teams. Automated response mechanisms have the ability to contain breaches faster, while advanced encryption technologies can safeguard sensitive information, as required by the proposed regulations. For hospitals with limited in-house expertise, AI can improve patient care and streamline administrative processes. The HHS Strategic Plan emphasizes the responsible use of AI to improve health outcomes, increase access to services and optimize public health.
  3. Program Management and Testing: Effective program management and testing services are the key to smooth implementation of, and compliance with, these new regulatory standards. This includes developing and maintaining a technology asset inventory, conducting regular security audits and ensuring all systems are up to date with the latest security protocols. Prioritizing regular testing and validation of security measures can help identify vulnerabilities and provide robust protection against cyber threats. Healthcare providers should implement formal risk assessment frameworks to uncover weak points before they can be exploited. Tabletop exercises and incident response simulations can help clinical and IT teams practice coordinated responses to cyberattacks, driving accountability and minimizing downtime if a real scenario occurs.
  4. Resilience and Continuity: A robust service provider with a proven track record of providing disaster recovery services is essential for helping healthcare systems bounce back and minimize disruptions during a cyber incident. Comprehensive disaster recovery plans should include data backup strategies, system restoration procedures and contingency plans to ensure business continuity during and after a cyberattack. These plans should also account for any communication protocols to reduce confusion and delays during response efforts. Effective disaster planning provides several benefits designed to account for a healthcare organization’s overall recoverability and resiliency.

The new federal cybersecurity standards pose formidable challenges but are necessary steps toward safeguarding patient information and ensuring the resilience of healthcare infrastructure. Adopting these changes will enable healthcare providers to leverage advanced technologies and comprehensive services, allowing them to forge ahead with their mission of delivering quality patient care. 


About Dr. Scott Schell

Dr. Scott Schell is a senior executive, surgeon and healthcare futurist with more than 30 years of experience in the healthcare, biotech and technology sectors both in the United States and globally. During his career, he has led the development and implementation of large-scale population health and predictive analytics platforms at organizations including Alere, the Cleveland Clinic and UPMC. He has founded and exited five healthcare startups, as well as served as managing partner for a private equity firm with a portfolio of digital health assets.


Tagged With: Cybersecurity

Copyright © 2025. HIT Consultant Media. All Rights Reserved.