ABSTRACT

This chapter examines healthcare cybersecurity breaches, their impact on healthcare organizations (HCOs), and compliance strategies, including risk management frameworks that can be customized to address the security needs of HCOs based on their business needs and risk appetite. As healthcare has begun its transformation towards digital care models, cybersecurity and identity theft have increasingly become a source of frustration and concern. Protecting the security of electronic protected health information (ePHI) is a key requirement for compliance with HIPAA privacy rules. However, factors such as the sale and handling of ePHI by third parties for purposes other than treatment, payment, and operations can also compromise patient privacy. Built on an international basis with stricter data protection standards, the ISO/IEC 27001 framework is designed to ensure privacy and security while reducing vulnerability to cyberattacks. The structure of the NIST Privacy Framework is analogous to that of the NIST Cybersecurity Framework, which makes it convenient to develop a crosswalk between the two. Lastly, the chapter covers technological advancements that present technically viable options for cybersecurity.