First Cybersecurity Certification Developed for Healthcare Facilities

More healthcare facilities are falling victim to cyberattacks.

By Mackenna Moralez, Associate Editor


It has been a critical year for cybersecurity as more hospitals and other healthcare facilities have become victims to cyberattacks.  

As previously reported by Healthcare Facilities Today, Ascension confirmed a ransomware attack in May after the company detected suspicious activities on its network systems. Weeks after the attack, the organization is still working with external experts to determine if sensitive patient information was compromised.  

The cyberattack against Ascension is not the first time this has occurred in the healthcare industry, nor will it be the last. According to a report from Verizon, 525 cyber incidents took place against healthcare facilities in 2023. The report found that 98 percent of breaches were financially motivated, with 66 percent of breaches occurring externally while 35 percent were internal. Among the data compromised, 67 percent were personal, 54 percent were medical and 36 percent were credentials.  

Related: Lessons to Learn from the Ascension Ransomware Attack

To help aid in the prevention of these attacks, DNV has launched the first cybersecurity certification for hospitals, the Advanced Healthcare Cybersecurity Certification. It aims to help healthcare professionals better identify and address gaps and areas for improvement in their security systems.  

The certification focuses on comprehensive security risk management in the hospital environment, encompassing cybersecurity, privacy, automation, AI and the Internet of Medical Things (IoMT).  

To achieve full Advanced Healthcare Cybersecurity Certification, hospitals must comply with program requirements which include: 

  • Quality management system – plan and develop the processes needed for cybersecurity risk management service delivery 
  • Program management – The personnel working in the AHCC program are appropriately trained and meet all applicable rules, codes and guidelines 
  • Medical staff management – The AHCC leadership shall determine specific quality performance data 
  • Staffing management – AHCC leadership shall provide continuing education to staff members assigned to the program 
  • Patient rights - The organization shall inform each patient and/or legal representative of the patient’s rights in advance of providing or discontinuing care and allow the patient to exercise his or her rights consistent with regulatory statues governing patient safety, data privacy and data security 
  • Medical record service – The organization shall comply with all applicable rules, guidelines and requirements regarding medical records services, including data security 
  • Physical environment management – The organization shall determine, provide and maintain the infrastructure needed to achieve conformity to the AHCC program requirements, including buildings, cloud storage, data, workspace, and associated utilities, process equipment, mobile devices, hardware, software, cloud services provider 
  • Advanced healthcare cybersecurity service delivery – AHCC leadership shall plan and develop the processes needed for cybersecurity risk management service delivery 

Mackenna Moralez is the associate editor for the facilities market.  



June 4, 2024


Topic Area: Information Technology , Safety , Security


Recent Posts

States Move Forward to Better Protect Senior Citizens

Senior citizens are among the most vulnerable population and require a certain level of care. States are trying to protect them.


Archer and REDA to Transform Newport Beach Building into Outpatient Center

Groundbreaking on the Newport Irvine Medical Center is scheduled for June 2025.


Sunflower Medical Group Facing Lawsuit Following January Data Breach

The lawsuit seeks a jury trial, damages, expanded credit monitoring services and security improvements at Sunflower Medical Group.


Nemours Children's Health Opens New Location in Lake Nona

The nearly 8,000-square-foot facility will increase access to primary and specialty care services.


Enhancing Safety at Hennepin Healthcare with a Screening System

Case study: The system was able to detect 2,500 risk items in less than five months.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.