First Cybersecurity Certification Developed for Healthcare Facilities

More healthcare facilities are falling victim to cyberattacks.

By Mackenna Moralez, Associate Editor


It has been a critical year for cybersecurity as more hospitals and other healthcare facilities have become victims to cyberattacks.  

As previously reported by Healthcare Facilities Today, Ascension confirmed a ransomware attack in May after the company detected suspicious activities on its network systems. Weeks after the attack, the organization is still working with external experts to determine if sensitive patient information was compromised.  

The cyberattack against Ascension is not the first time this has occurred in the healthcare industry, nor will it be the last. According to a report from Verizon, 525 cyber incidents took place against healthcare facilities in 2023. The report found that 98 percent of breaches were financially motivated, with 66 percent of breaches occurring externally while 35 percent were internal. Among the data compromised, 67 percent were personal, 54 percent were medical and 36 percent were credentials.  

Related: Lessons to Learn from the Ascension Ransomware Attack

To help aid in the prevention of these attacks, DNV has launched the first cybersecurity certification for hospitals, the Advanced Healthcare Cybersecurity Certification. It aims to help healthcare professionals better identify and address gaps and areas for improvement in their security systems.  

The certification focuses on comprehensive security risk management in the hospital environment, encompassing cybersecurity, privacy, automation, AI and the Internet of Medical Things (IoMT).  

To achieve full Advanced Healthcare Cybersecurity Certification, hospitals must comply with program requirements which include: 

  • Quality management system – plan and develop the processes needed for cybersecurity risk management service delivery 
  • Program management – The personnel working in the AHCC program are appropriately trained and meet all applicable rules, codes and guidelines 
  • Medical staff management – The AHCC leadership shall determine specific quality performance data 
  • Staffing management – AHCC leadership shall provide continuing education to staff members assigned to the program 
  • Patient rights - The organization shall inform each patient and/or legal representative of the patient’s rights in advance of providing or discontinuing care and allow the patient to exercise his or her rights consistent with regulatory statues governing patient safety, data privacy and data security 
  • Medical record service – The organization shall comply with all applicable rules, guidelines and requirements regarding medical records services, including data security 
  • Physical environment management – The organization shall determine, provide and maintain the infrastructure needed to achieve conformity to the AHCC program requirements, including buildings, cloud storage, data, workspace, and associated utilities, process equipment, mobile devices, hardware, software, cloud services provider 
  • Advanced healthcare cybersecurity service delivery – AHCC leadership shall plan and develop the processes needed for cybersecurity risk management service delivery 

Mackenna Moralez is the associate editor for the facilities market.  



June 4, 2024


Topic Area: Information Technology , Safety , Security


Recent Posts

Mold Matters: Strategies for Prevention and Remediation

Understanding how to detect mold early, assess its risks and implement effective mitigation is essential to ensure a safe environment.


The Queen's Health Systems Acquires Behavioral Hospital from Sutter Health Pacific

It will connect the behavioral health hospital with a broader continuum of local care.


The Impact of Lighting on Aesthetics and Atmosphere in Healthcare

Lighting manufacturers discuss how lighting affects the look and feel of healthcare facilities.


Nearby Explosion Damages Avera St. Anthony's Hospital in Nebraska

No major injuries to patients or employees were reported.


Baptist Memorial Hospital-Collierville to Begin Expansion Project Construction

The expansion for the ICU is expected to be complete in the fall of 2025, with the emergency department to be complete a few months after.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.