Naomi Diaz reports:
The American Hospital Association said HHS’ plan to levy financial penalties in the event of a cyberattack on a healthcare organization would be counterproductive.
In a Dec. 6 statement, the AHA said it is advocating for the HHS to review its proposal that requires healthcare organizations to be compliant with new cybersecurity requirements and imposes financial penalties for noncompliance.
“The AHA cannot support proposals for mandatory cybersecurity requirements being levied on hospitals as if they were at fault for the success of hackers in perpetrating a crime,” AHA President and CEO Rick Pollack said in the statement. “Imposing fines or cutting Medicare payments would diminish hospital resources needed to combat cyber crime and would be counterproductive to our shared goal of preventing cyberattacks.”
On Dec. 6 the HHS released a concept paper that outlined a new cybersecurity strategy aimed at enhancing the security of the healthcare sector.
Read more at Becker’s Health IT.
So the AHA doesn’t want hospitals to be held accountable if they fail to deploy security measures that they should deploy, or if they fail to patch in a timely manner and a breach results? Even if their failures were directly exploited by hackers and did result in the success of hackers?