How to Successfully Adapt to New Proposed HIPAA and Federal Regulations
Course
Phil Englert, Samantha Jacques and Stephen Goudreault discuss expanded technical controls, medical device inventories, PHI data flow mapping, universal encryption and third-party risk attestation challenges.
Healthcare cybersecurity faces its most significant regulatory transformation since HIPAA's inception. The proposed HIPAA security rule represents a substantial expansion in technical controls, introducing requirements for comprehensive medical device inventories, PHI data flow mapping, universal encryption and expanded third-party risk attestations. These changes reflect the evolution from protecting healthcare data internally to defending against nation-state actors and organized crime. While aspirational in scope, the proposed regulations address critical gaps in current healthcare security postures, requiring organizations to move beyond basic compliance toward comprehensive risk management and governance frameworks that can effectively prioritize limited resources.
This session will cover:
- Key technical control expansions including inventory management and encryption requirements;
- Third-party risk attestation challenges and organizational governance strategies;
- Practical implementation approaches prioritizing PHI data flows and high-risk assets.
Here is the course outline:
- How to Successfully Adapt to New Proposed HIPAA and Federal Regulations