Preparing for Updated HIPAA Security Requirements


            By Erik Eisen, CEO of CTI Technical Services



            Whether it’s implemented as proposed or with modifications based on stakeholder comments, the HIPAA
            Security Rule will be overhauled by 2026—the first major update since 2013.

            Cyberattacks have reached unprecedented levels in both volume and sophistication since the HIPAA
            Security Rule was first implemented 20 years ago. In 2013, healthcare organizations experienced just
            269 data breaches compared to 725 in 2023. According to the Office of Civil Rights (OCR), hacking-
            related data breaches against healthcare organizations increased 239% between January 1, 2018, and
            September 30,  2023,  while  ransomware  attacks  increased  278% over  the same  period. The  largest
            healthcare  attack  in  history  occurred  just  one  year  ago  when  approximately  190  million  individuals,
            roughly 57% of the U.S. population, were affected by the Change Healthcare breach.

            With  cybersecurity  risks  at  an all-time  high,  few  in  the  industry  question  the  need  to  modernize  the
            regulations. However, even if OCR modifies the final rule to address concerns expressed during the
            public comment period, compliance will be a heavy lift for many healthcare organizations. That reality,
            coupled with the common-sense need for robust security around protected health information (PHI) and
            other patient data, means healthcare organizations must take steps toward compliance now.







            Cyber Defense eMagazine – September 2025 Edition                                                                                                                                                                                                          69
            Copyright © 2025, Cyber Defense Magazine. All rights reserved worldwide.