Positive Change on the Horizon: HIPAA Security Updates for Healthcare Cybersecurity

Dorina Hamzo • February 3, 2025

In December 2024, the U.S. Department of Health and Human Services (HHS) proposed significant updates to the HIPAA Security Rule, aiming to strengthen cybersecurity in the healthcare sector.

With 67% of healthcare organizations targeted by ransomware in 2024, the updates are a necessary response to growing cyber threats. The median ransom paid was $1.5 million, excluding investigation and recovery costs, highlighting the critical need for stronger security measures(1).



The proposed changes align with best practices from frameworks like NIST, PCI, HITRUST, and SOC2. The key difference is that, under the new rule, HIPAA compliance will become mandatory for healthcare organizations. 

Key changes include:

  • Annual Asset and Network Inventory: Healthcare organizations must maintain inventories related to ePHI data movement.
  • Comprehensive Risk Analysis: More detailed risk analysis to identify vulnerabilities in electronic systems.
  • Contingency Planning: Documenting procedures to restore lost ePHI within 72 hours of an incident.
  • Mandatory Encryption: Encryption of ePHI both at rest and in transit.
  • Annual Compliance Audits: Regular audits to ensure security measures are in place.
  • Multi-factor Authentication (MFA): A requirement for systems handling ePHI.
  • Vulnerability Scanning & Penetration Testing: Scanning every six months and penetration testing annually.

Your Voice Matters

Healthcare organizations have 60 days to provide feedback before these changes are finalized. This is your opportunity to help shape the future of healthcare cybersecurity.



For more information and to submit feedback, visit HHSHIPAA Security Rule NPRM.

Need Help Adopting These Changes?

At AdviseUp, we’re here to guide you through the process of implementing these updates. Contact us today to learn how we can help your organization stay compliant and secure.

Request a consultation

Resources

Laptop with split screen: left shows academic thesis in library; right shows business data charts.

Your Major Could Make You a Great Auditor — Here’s How.

By Dorina Hamzo December 11, 2025
Think audit is just for accountants? Think again. From English to PoliSci, find out how your non-traditional major builds the critical skills modern firms need.
Businessman is handing money to another business person

Protect Healthcare Revenue Before CMS Audits Cost You

By Allyson Edwards (guest writer) December 1, 2025
Protect revenue and reduce audit risk. Learn what CMS audits cover and how healthcare organizations can strengthen documentation, oversight, and readiness.

Scaling AI Starts with SOX

By Dorina Hamzo September 21, 2025
A weak SOX foundation can derail AI innovation. Learn how to cut compliance costs and future-proof your internal controls with our free checklist.
More posts