Hack Reports - Latest Cybersecurity News, Trends & Updates

New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits

Geetansh -

Latest News on HIPAA Cybersecurity Requirements 2025

1. Proposed Update to HIPAA Security Rule
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued a proposed update to the HIPAA Security Rule, which has not been changed since 2013. This update aims to modernize the required cybersecurity practices of covered entities and their business associates4.

1. Increased Frequency and Sophistication
Ransomware attacks in the healthcare sector are expected to become more frequent and sophisticated in 2025. These attacks often use encryption as a distraction while targeting data integrity or exfiltrating sensitive information. There is also a trend of attackers skipping the encryption phase and stealing data through exfiltration, then sending a ransom demand5.

2. Recent Incidents
In 2024, nearly 400 U.S. healthcare organizations reported incidents linked to ransomware operators like LockBit 3.0, ALPHV/BlackCat, and BianLian3. The recent ransomware attack on St. Louis-based Ascension disrupted its IT systems and operations for 140 hospitals, potentially exposing protected health information and personally identifiable information for some patients3.

Data Restoration Compliance in Healthcare

1. Importance of Data Backup and Recovery
To ensure compliance and mitigate the impact of ransomware attacks, healthcare organizations must implement robust data backup and recovery strategies. This includes air-gapped backups stored offline, immutable storage systems, and regular testing of backup and recovery procedures5.

2. Regulatory Compliance
Managed IT services play a crucial role in ensuring compliance with HIPAA regulations. These services help healthcare providers perform audits, report, and implement security measures per the law, thereby avoiding substantial penalties for regulatory breaches and enhancing trust from patients and stakeholders2.

Key Highlights

  • Proposed HIPAA Update: Modernizes cybersecurity practices for covered entities and business associates.
  • Ransomware Trends: Increased frequency and sophistication, including encryption as a distraction and data exfiltration.
  • Recent Incidents: Significant ransomware attacks on healthcare organizations like Ascension.
  • Data Restoration: Importance of robust backup and recovery strategies, including air-gapped backups and immutable storage.
  • Regulatory Compliance: Managed IT services ensure adherence to HIPAA regulations, avoiding penalties and enhancing trust.

These points highlight the evolving landscape of HIPAA cybersecurity requirements, the increasing threat of ransomware attacks in healthcare, and the importance of robust data restoration strategies to ensure compliance and protect sensitive patient information.