HHS Office of Civil Rights not ready for healthcare cyberthreat: Report

The HHS Office of Civil Rights is unprepared for the growing healthcare cybersecurity threat, information security experts and officials told Politico in an Aug. 28 story.

The office has a "shoestring budget" of $38 million for 2022, roughly the cost of 20 MRI machines, and "fewer investigators than many local police departments," Politico reported. OCR is also stretched thin by its dual goal of enforcing HIPAA and helping healthcare organizations protect themselves against cyberthreats.

"They're a fish out of water. … They were given the role of enforcement under HIPAA but weren't given the resources to support that role," Mac McMillan, CEO of healthcare cybersecurity firm CynergisTek, told the news outlet.

OCR acting director Melanie Fontes Rainer told Politico her investigators are "under incredible resource constraints and incredibly overworked." The Biden administration has requested a nearly 60 percent budget increase in fiscal 2023, to $60 million, which would enable the agency to bring on 37 new investigators.

Advocates, including health systems, have asked for more funding for cyber programs and help developing information security workers, rather than simply increasing enforcement against hospitals for breach-related HIPAA violations, the story noted.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars