First Cybersecurity Certification Developed for Healthcare Facilities

More healthcare facilities are falling victim to cyberattacks.

By Mackenna Moralez, Associate Editor


It has been a critical year for cybersecurity as more hospitals and other healthcare facilities have become victims to cyberattacks.  

As previously reported by Healthcare Facilities Today, Ascension confirmed a ransomware attack in May after the company detected suspicious activities on its network systems. Weeks after the attack, the organization is still working with external experts to determine if sensitive patient information was compromised.  

The cyberattack against Ascension is not the first time this has occurred in the healthcare industry, nor will it be the last. According to a report from Verizon, 525 cyber incidents took place against healthcare facilities in 2023. The report found that 98 percent of breaches were financially motivated, with 66 percent of breaches occurring externally while 35 percent were internal. Among the data compromised, 67 percent were personal, 54 percent were medical and 36 percent were credentials.  

Related: Lessons to Learn from the Ascension Ransomware Attack

To help aid in the prevention of these attacks, DNV has launched the first cybersecurity certification for hospitals, the Advanced Healthcare Cybersecurity Certification. It aims to help healthcare professionals better identify and address gaps and areas for improvement in their security systems.  

The certification focuses on comprehensive security risk management in the hospital environment, encompassing cybersecurity, privacy, automation, AI and the Internet of Medical Things (IoMT).  

To achieve full Advanced Healthcare Cybersecurity Certification, hospitals must comply with program requirements which include: 

  • Quality management system – plan and develop the processes needed for cybersecurity risk management service delivery 
  • Program management – The personnel working in the AHCC program are appropriately trained and meet all applicable rules, codes and guidelines 
  • Medical staff management – The AHCC leadership shall determine specific quality performance data 
  • Staffing management – AHCC leadership shall provide continuing education to staff members assigned to the program 
  • Patient rights - The organization shall inform each patient and/or legal representative of the patient’s rights in advance of providing or discontinuing care and allow the patient to exercise his or her rights consistent with regulatory statues governing patient safety, data privacy and data security 
  • Medical record service – The organization shall comply with all applicable rules, guidelines and requirements regarding medical records services, including data security 
  • Physical environment management – The organization shall determine, provide and maintain the infrastructure needed to achieve conformity to the AHCC program requirements, including buildings, cloud storage, data, workspace, and associated utilities, process equipment, mobile devices, hardware, software, cloud services provider 
  • Advanced healthcare cybersecurity service delivery – AHCC leadership shall plan and develop the processes needed for cybersecurity risk management service delivery 

Mackenna Moralez is the associate editor for the facilities market.  



June 4, 2024


Topic Area: Information Technology , Safety , Security


Recent Posts

17 Million Patient Records Stolen in PIH Health Ransomware Attack

A ransomware attack halted operations across three of PIH’s hospitals.


Holidays are Prime Times for Healthcare Cyberattacks

A study found that 86 percent of organizations that experienced ransomware attacks were targeted on a holiday or weekend.


Hartford Healthcare Forms Partnership to Open Health Equity Clinic

The new clinic will open in January 2025.


UCHealth Reveals Plans for Memorial Hospital North Expansion

Construction on the patient tower is slated for 2026 with a projected opening to patients in 2029.


What Are 'Hospi-tels'?

Hospitals and hotels are partnering to better cater to patients and families.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.