Trustwave Research Reveals Cybersecurity Risks Threatening Patient Lives in Healthcare. Learn More

Request a Demo

Trustwave Research Reveals Cybersecurity Risks Threatening Patient Lives in Healthcare. Learn More

Request a Demo
Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

View All Trustwave Services
Solutions
BY INDUSTRY
BY REGULATION
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
We reduce cyber risk and fortify organizations
Awards and Accolades
Recognition by analysts and media outlets
Trustwave SpiderLabs Team
Global researchers, ethical hackers, and responders
Trustwave Fusion Security Operations Platform
Unprecedented security visibility and control
Trustwave Security Colony
Access to cybersecurity threat protection resources
Partners
Microsoft Security
Unlock the full power of Microsoft Security
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
Register
Login
Resources
BLOGS
UPCOMING
MEDIA & ASSETS
NOTICES
HELP

Strengthening Healthcare Security: Navigating HIPAA’s Latest Cybersecurity Requirements

3 Minute Read by Don White
  • Understand the Upcoming HIPAA Changes: Get a clear breakdown of the 2025 HIPAA Security Rule updates and what they mean for healthcare providers and business associates.
  • Strengthen Cybersecurity Resilience: Learn how the new regulations emphasize cyber resilience, requiring proactive measures like incident response planning and regular system updates.
  • Ensure Compliance and Minimize Risk: Discover actionable steps to meet the revised security standards, conduct risk assessments, and secure electronic protected health information (ePHI).

The Department of Health and Human Services (HHS) will be implementing sweeping and crucial updates to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to enhance the protection of electronic protected health information (ePHI).

These changes aim to address modern cybersecurity threats and ensure resilience in healthcare data management. In this blog, we will explore the key updates and their implications for healthcare providers and their business associates.

HIPAA was signed into law by President Bill Clinton in 1996 to protect patients' health information and access to healthcare. HIPAA's purpose is to protect patients' personal information, improve the healthcare system, ensure patients have access to their health information, and set federal standards for protecting patient health information.

The process to update began in 2020 with a Notice of Proposed Rulemaking for the HIPAA Security Rule being introduced in December 2024 and added to the Federal Register on January 6, 2025. Then, a 60-day window for public comments on the proposed change began. It was completed on March 7, 2025, and HHS is now processing the comments, will publish the final rule, and will set a date for implementation.

The goal of HIPAA 2.0 is to improve care coordination while maintaining strong protections for sensitive substance use disorder information and to reduce administrative burdens on providers and enhance patient rights.

To accomplish these measures, HIPAA 2.0 includes several sections that address patient rights and consent, but we will focus on the proposed cybersecurity changes.

Trustwave can help your healthcare institution comply with HIPAA.

Learn More

Threat Actors Targeting Healthcare

Trustwave SpiderLabs is deeply involved in researching the cyber threats arrayed against the healthcare sector. The team’s report, Cybersecurity in the Healthcare Industry: Actionable Intelligence for an Active Threat Landscape, detailed the techniques, tactics, and procedures threat actors use to conduct attacks and how valuable these groups consider patient information.

Let’s take a look at the key changes contained in HIPAA 2.0 and what they mean.

  • Clearer Security Rules:
    • The new rules make it clear that all electronic health information needs to be protected. Whether you’re a healthcare provider or a business partner, you’re responsible for keeping this information safe.
    • This clears up any confusion from before and makes sure all security measures protect the information’s confidentiality, integrity, and availability.
  • Stronger Security Measures:
    • The updates stress the need for "reasonable and appropriate" security measures based on the latest technology and threats. The goal is to make sure these measures help you bounce back quickly from cyber incidents.
    • This fixes past misunderstandings where some thought they didn’t have to implement certain controls.
  • No More 'Optional' vs. 'Required':
    • The distinction between "optional" and "required" security measures is being removed. All standards will need to be met, ensuring a basic level of protection for everyone.
  • Focus on Resilience:
    • A new rule will require entities to consider how well their security measures help them recover from bad events. This encourages planning for recovery and continuity in the face of cyber threats. This could and should include conducting tabletop exercises and having a Digital Forensics and Incident Response plan on file.
  • Ongoing Maintenance and Updates:
    • The updates emphasize the importance of regularly reviewing, testing, and updating security measures to keep up with changing environments and technologies. Trustwave can assist with a HIPAA-based Security Maturity Assessment.

Drilling down a bit further, HIPAA 2.0 will require that Healthcare providers keep a detailed list of all their tech gadgets and create a map showing how electronic health information (ePHI) moves through their systems. This helps in spotting risks and keeping information safe.

Providers must do a more thorough job of checking for risks. This means looking at all their tech, identifying potential threats, figuring out how serious those threats are, and updating their records every year or after big changes. Trustwave’s Consulting and Professional Services team can lend a hand here with a risk assessment and business impact analysis.

A new rule requires providers to quickly apply updates and patches to their systems to protect against cybersecurity risks, and the proposal emphasizes that only authorized personnel should have access to ePHI, reducing the risk of internal threats. A Trustwave HIPAA Assessment can help identify any issues.

Providers must regularly review and document activities within their electronic systems to detect and respond to security incidents. Additionally, to minimize the supply chain risk, healthcare providers must ensure their business partners also have strong security measures in place to prevent data breaches and compliance issues.

 

What HIPAA 2.0 Will Mean for Healthcare Providers

Once implemented, the likely outcome is that providers will be handed more responsibility. Essentially, every healthcare provider and partner must ensure all electronic health information is secured, removing any previous misunderstandings about selective implementation.

The removal of the optional/required distinction means entities must meet all specified security standards, which could increase compliance efforts, especially for smaller providers. There will also be a focus on cyber resilience. Organizations will need to invest in security measures that not only prevent breaches but also ensure quick recovery and continuity of operations.

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

News Compliance

Latest Intelligence

Why Strong Usernames Matter for Your Online Security
Phishing Attacks Are Evolving – Is Your Email Security Keeping Up?
Trustwave Named a Top Player in Radicati's Secure Email Market Quadrant 2025 Report

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo

Get Started with Trustwave

Our specialists are ready to tailor our security service solutions to fit the needs of your organization.

By clicking submit below, you agree to our Terms of Use and Privacy Policy. Additionally, you consent to allow Trustwave to store and process the personal information submitted above to provide you with the content requested.