{"id":104113,"date":"2025-01-21T12:36:35","date_gmt":"2025-01-21T20:36:35","guid":{"rendered":"https:\/\/forescoutstage.wpengine.com\/?p=104113"},"modified":"2025-03-10T15:07:17","modified_gmt":"2025-03-10T19:07:17","slug":"hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps","status":"publish","type":"post","link":"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/","title":{"rendered":"HIPAA Compliance for Healthcare: New Amendments Target Big Security Gaps"},"content":{"rendered":"<p>Let\u2019s be honest. The last few years in healthcare security have been downright rough. Healthcare data is so valuable on the black market and too easy to hold hostage via ransomware. It shouldn\u2019t be surprising that big changes are needed \u2013 especially since changes to HIPAA compliance haven\u2019t happened in 12 years.<\/p>\n<p>We all know why&#8230; But in case you don\u2019t, HHS and Forescout have some facts for you to ponder:<\/p>\n<h4>HHS:<\/h4>\n<ul>\n<li>Large breaches in healthcare increased by 102% from 2018 to 2023<\/li>\n<li>In 2023 alone, breaches affected 167 million individuals or nearly half of the U.S. population<\/li>\n<\/ul>\n<h4><a href=\"\/blog\/medical-device-risk-management\/\">Forescout Research \u2013 Vedere Labs<\/a>:<\/h4>\n<ul>\n<li>IoT devices, including IoMT assets, had a 136% increase in vulnerabilities YoY<\/li>\n<li>In 2022, we discovered 7,000 exposed medical systems on the internet, including PACS, healthcare integration engines, electronic health records, medication dispensing systems, and medical image printers.<\/li>\n<li>In 2024, we found 225 medical dispensing systems exposed to the internet \u2013 up 23% from 2022<\/li>\n<\/ul>\n<div style=\"margin: 10px 0 10px 0; border-top: 1px solid #CCCCCC; border-bottom: 1px solid #CCCCCC; padding: 10px 0 10px 0;\">\n<h4>Need help today? Get our latest guide &#8220;How to Achieve Compliance Alignment with HIPAA&#8221;.<\/h4>\n<p class=\"u-display-flex u-flex-wrap u-gap\"><a href=\"\/guide-achieve-hipaa-compliance-with-forescout\/\"  title=\"Get the Guide Now\" class=\"c-btn c-btn--primary has-icon icon-arrow-right icon-position-right has-icon-animation icon-animation-fade-in\" target=\"_blank\"><span class=\"cta-button-text\">Get the Guide Now<\/span><\/a>\n<\/div>\n<p>&nbsp;<\/p>\n<h2>Latest Proposed Amendments to HIPAA<\/h2>\n<p>On January 6, 2025, the U.S. Health and Human Services Department (HHS) published a notice of proposed rulemaking (NPRM) that could make a major impact.<\/p>\n<p>HHS aims to modify the Security Standards for the Protection of Electronic Protected Health Information (\u201cSecurity Rule\u201d) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act).<\/p>\n<p>The \u201cHIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information\u201d aims to revise existing standards to better protect the confidentiality, integrity, and availability of electronic protected health information (ePHI), according to HHS.<\/p>\n<p>These proposed changes would also increase the cybersecurity for ePHI by revising the Security Rule to address the following:<\/p>\n<ul>\n<li>Changes in the environment where healthcare is provided<\/li>\n<li>Significant increases in breaches and cyberattacks<\/li>\n<li>Common deficiencies of Security Rule compliance by covered entities and their business associates (\u201cregulated entities\u201d)<\/li>\n<li>Other cybersecurity guidelines, best practices, methodologies, procedures, and processes<\/li>\n<li>Court decisions that affect enforcement of the Security Rule.<\/li>\n<\/ul>\n<p>The security rule was last revised in 2013, so this proposal describes the most substantive changes to HIPAA to date. Which \u201cregulated entities\u201d do these amendments apply to? Health plans, healthcare clearinghouses, health providers, healthcare facilities, insurance companies, and business associates, <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/hipaa-security-rules-pull-no-punches\" target=\"_blank\" rel=\"noopener\">finds<\/a> Dark Reading.<\/p>\n<h2>Why This Is Happening Now<\/h2>\n<p>When HIPAA was created in the mid-1990s, \u201cthere was this big push to transfer medical and health records to the electronic medium\u2026and it was all about protecting patient privacy but not necessarily securing those records,&#8221; Errol Weiss, chief information security officer (CISO) of the Healthcare Information Sharing and Analysis Center (Health-ISAC) told Dark Reading.<\/p>\n<p>In addition, despite threats to ePHI rising every year, the Security Rule has not been updated since January of 2013 \u2013 a 12-year gap during which time the volume, types, and sophistication of threats have all increased substantially.<\/p>\n<p><script src=\"https:\/\/fast.wistia.com\/embed\/medias\/v36m5mmjbr.jsonp\" async><\/script><script src=\"https:\/\/fast.wistia.com\/assets\/external\/E-v1.js\" async><\/script><\/p>\n<div class=\"wistia_responsive_padding\" style=\"padding: 56.25% 0 0 0; position: relative;\">\n<div class=\"wistia_responsive_wrapper\" style=\"height: 100%; left: 0; position: absolute; top: 0; width: 100%;\">\n<div class=\"wistia_embed wistia_async_v36m5mmjbr seo=true videoFoam=true\" style=\"height: 100%; position: relative; width: 100%;\">\n<div class=\"wistia_swatch\" style=\"height: 100%; left: 0; opacity: 0; overflow: hidden; position: absolute; top: 0; transition: opacity 200ms; width: 100%;\"><img decoding=\"async\" style=\"filter: blur(5px); height: 100%; object-fit: contain; width: 100%;\" src=\"https:\/\/fast.wistia.com\/embed\/medias\/v36m5mmjbr\/swatch\" alt=\"\" aria-hidden=\"true\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<p>After several major attacks in 2023 and 2024 including <a href=\"\/blog\/analysis-a-new-ransomware-group-emerges-from-the-change-healthcare-cyber-attack\/\">Change Healthcare<\/a>, the government is pushing the industry to tighten up its security practices.<\/p>\n<p>New legislation has been brought forward in 2024 dubbed the Health Infrastructure Security and Accountability Act (HISAA) which would create significant new security requirements for HIPAA Covered Entities and Business Associates. Under HISAA, minimum and enhanced security requirements are on the table \u2013 and they would be developed with CISA and the Director of National Intelligence \u2013 with <a href=\"https:\/\/www.healthlawadvisor.com\/hisaa-new-federal-legislation-introduced-that-would-create-significant-new-cybersecurity-requirements-for-hipaa-covered-entities-and-business-associates\" target=\"_blank\" rel=\"noopener\">fines on the table for non-compliance<\/a>.<\/p>\n<h2>Highlights of the Proposed Rule Changes<\/h2>\n<p>While there are a multitude of new security and compliance requirements, the HIPAA Journal outlines <strong>17 key requirements<\/strong>. First, each regulated entity needs to establish a technology asset inventory and network map. This is the fundamental prerequisite to all other requirements.<\/p>\n<p>Section 164.306 of the proposed rule (Security Standards: General Rules) states that a regulated entity must identify its information systems that create, receive, maintain, or transmit ePHI and all technology assets, as defined in <strong>45 CFR 164.304<\/strong>: \u201cRegulated entities cannot understand the risks to the confidentiality, integrity, and availability of their ePHI without a complete understanding of these assets.\u201d<\/p>\n<p>The list of 17 requirements can be categorized into five main areas:<\/p>\n<ol>\n<li>Asset Insights<\/li>\n<li>Risk Analysis<\/li>\n<li>Securing and Isolating Key Network Components<\/li>\n<li>Incident Response Planning<\/li>\n<li>Compliance Audits<\/li>\n<\/ol>\n<p>Continuous and ongoing performance in all five areas form the key to success, explains <a href=\"https:\/\/www.hipaajournal.com\/hipaa-updates-hipaa-changes\/\" target=\"_blank\" rel=\"noopener\">The HIPAA Journal<\/a>:<\/p>\n<ul>\n<li><strong>Technology asset inventory and network map<\/strong> &#8211; The development and revision of a technology asset inventory and network map illustrating the movement of ePHI throughout the regulated entity\u2019s electronic information systems on an ongoing basis, but at least every 12 months.<\/li>\n<li>Risk analysis &#8211; More specific requirements for risk analysis, include: <strong>a review of the technology asset inventory and network map<\/strong>, the identification of all reasonably anticipated threats to the confidentiality, integrity, and availability of ePHI; the identification of potential vulnerabilities and predisposing conditions to the regulated entity\u2019s relevant electronic information systems; and an assessment of the risk level for each identified threat and vulnerability based on the likelihood that each identified threat will exploit the identified vulnerabilities.<\/li>\n<li>Contingency planning and security incident response &#8211; Development of written procedures for restoring data within 72 hours including restoration priority based on criticality.<\/li>\n<li>Security Rule compliance audits need to be conducted at least every 12 months<\/li>\n<li>Reviews and tests of security measures need to be conducted at least every 12 months<\/li>\n<li>Vulnerability scans \u2013 Every 6 months<\/li>\n<li>Penetration tests \u2013 Every 12 months<\/li>\n<li>Encryption \u2013 Encryption of all ePHI at rest and in transit<\/li>\n<li>Multi-factor authentication<\/li>\n<li><strong>Network segmentation<\/strong><\/li>\n<li>Anti-malware protection<\/li>\n<li>Technical safeguard for portable devices &#8211; Controls required for computer workstations extended to mobiles, tablets, and other portable devices.<\/li>\n<li>Patch management<\/li>\n<li>Unnecessary software removal<\/li>\n<li>Disable unused network ports<\/li>\n<li>Data backups<\/li>\n<li>Business associate cybersecurity \u2013 At least every 12 months<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>What the Rule Changes Mean for the Healthcare Industry: It\u2019s Not Optional<\/h2>\n<p>Clearly, the new Security Rule if implemented would beef up cybersecurity protections for electronic health information and better manage evolving threats against healthcare organizations. Moreover, it would do away with the optional element of the existing rule which states that some rules are \u201crequired\u201d while others are \u201caddressable\u201d, enabling healthcare organizations to exploit this loophole by not properly spending on the key security and compliance areas listed above.<\/p>\n<p>HHS calls out this critical change in its <a href=\"https:\/\/www.federalregister.gov\/documents\/2025\/01\/06\/2024-30983\/hipaa-security-rule-to-strengthen-the-cybersecurity-of-electronic-protected-health-information\" target=\"_blank\" rel=\"noopener\">statement<\/a>:<\/p>\n<p><em>&#8220;We are concerned that some regulated entities proceed as if compliance with an addressable implementation specification is optional. That interpretation is incorrect and weakens the cybersecurity posture of regulated entities.&#8221;<\/em><\/p>\n<h2>When Will Healthcare Stakeholders Need to Act on the NPRM?<\/h2>\n<p>Stakeholders have until March 7, 2025 to comment on the rules by visiting <a href=\"https:\/\/www.federalregister.gov\/documents\/2025\/01\/06\/2024-30983\/hipaa-security-rule-to-strengthen-the-cybersecurity-of-electronic-protected-health-information\" target=\"_blank\" rel=\"noopener\">this Federal Register<\/a> page and clicking on the \u201cSubmit a Public Comment\u201d button near the top. HHS will issue the final version of the rule afterward. Healthcare organizations should note that a compliance date will be set by HHS just 180 days after publication of the final rule. So, CIOs and CISOs should prioritize a review of the proposed requirements and perform a gap analysis in their own security and compliance posture relative to the proposed rule.<\/p>\n<p>Acting soon will also help to mitigate any fines, penalties, and\/or additional actions which the federal government may take against healthcare organizations that fail to comply with new rule once published. As The HIPAA Journal pointed out, \u201cHIPAA-regulated entities that demonstrate they have adopted recognized security practices will benefit from a decrease in the length and extent of audits and investigations of data breaches, and OCR (part of HHS) will consider recognized security practices as a mitigating factor to reduce any financial penalties that would otherwise have been applied.\u201d<\/p>\n<h2>Forescout Is Here to Help<\/h2>\n<p>When you automate cybersecurity device assessment and policy enforcement with the <a href=\"\/products\/\">Forescout Platform<\/a>, adhering to the new HIPAA Security Rule and consistently passing compliance audits become byproducts of your standard security operations.<\/p>\n<p>Forescout helps organizations build and maintain a secure network, drive a vulnerability management program, implement strong access control measures, monitor and test networks, and maintain an information security policy. You can leverage the platform for organization-wide control to track devices and their users within legacy, new and highly technical network infrastructure without reengineering the established network or disrupting services.<\/p>\n<p>The Forescout platform lets you see and monitor devices on the network, from endpoints such as PCs, laptops and printers, to medical IoT (IoMT) devices and personally owned smartphones and tablets. You can also enforce network access policies across the network hierarchy, from switches to access and distribution layers.<\/p>\n<p>Many IoMT devices are especially vulnerable since they cannot host third-party security agents, run outdated or unsupported operating systems, cannot be patched and often lack even the most basic security features. Forescout helps overcome these limitations with its agentless approach and its support for heterogeneous systems.<\/p>\n<p><strong><em>To understand the full context of today\u2019s IoMT risks in healthcare, <a href=\"\/webinars\/persistent-risk-of-connected-medical-devices-main\/\">watch this webinar<\/a>:<\/em><\/strong><\/p>\n<p><script src=\"https:\/\/fast.wistia.com\/embed\/medias\/gocoj0rfq8.jsonp\" async><\/script><script src=\"https:\/\/fast.wistia.com\/assets\/external\/E-v1.js\" async><\/script><\/p>\n<div class=\"wistia_responsive_padding\" style=\"padding: 56.25% 0 0 0; position: relative;\">\n<div class=\"wistia_responsive_wrapper\" style=\"height: 100%; left: 0; position: absolute; top: 0; width: 100%;\">\n<div class=\"wistia_embed wistia_async_gocoj0rfq8 seo=true videoFoam=true\" style=\"height: 100%; position: relative; width: 100%;\">\n<div class=\"wistia_swatch\" style=\"height: 100%; left: 0; opacity: 0; overflow: hidden; position: absolute; top: 0; transition: opacity 200ms; width: 100%;\"><img decoding=\"async\" style=\"filter: blur(5px); height: 100%; object-fit: contain; width: 100%;\" src=\"https:\/\/fast.wistia.com\/embed\/medias\/gocoj0rfq8\/swatch\" alt=\"\" aria-hidden=\"true\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<p>&nbsp;<\/p>\n<a href=\"\/webinars\/persistent-risk-of-connected-medical-devices-main\/\"  title=\"Watch the Full Webinar\" class=\"c-btn c-btn--primary has-icon icon-camera icon-position-right has-icon-animation icon-animation-pulse\"><span class=\"cta-button-text\">Watch the Full Webinar<\/span><\/a>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Let\u2019s be honest. The last few years in healthcare security have been downright rough. Healthcare data is so valuable on the black market and too easy to hold hostage via ransomware. It shouldn\u2019t be surprising that big changes are needed \u2013 especially since changes to HIPAA compliance haven\u2019t happened in 12 years. We all know [&hellip;]<\/p>\n","protected":false},"author":168,"featured_media":104154,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"ep_exclude_from_search":false,"footnotes":"","_links_to":"","_links_to_target":""},"categories":[562],"tags":[],"coauthors":[716],"class_list":["post-104113","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-views"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>HIPAA Compliance for Healthcare: New Amendments Target Big Security Gaps - Forescout<\/title>\n<meta name=\"description\" content=\"HIPAA compliance hasn\u2019t been updated since 2013. We examine the proposed changes, deadlines, and security facts for healthcare organizations.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HIPAA Compliance for Healthcare: New Amendments Target Big Security Gaps - Forescout\" \/>\n<meta property=\"og:description\" content=\"HIPAA compliance hasn\u2019t been updated since 2013. We examine the proposed changes, deadlines, and security facts for healthcare organizations.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/\" \/>\n<meta property=\"og:site_name\" content=\"Forescout\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ForescoutTechnologies\" \/>\n<meta property=\"article:published_time\" content=\"2025-01-21T20:36:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-03-10T19:07:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/01\/Blog-HIPAA-Compliance-Share-v1-1200x628-1.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1201\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Rich DeFabritus\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Forescout\" \/>\n<meta name=\"twitter:site\" content=\"@Forescout\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/\"},\"author\":{\"name\":\"Rich DeFabritus\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/person\/e7cd11005c0dd14dda03923e626be787\"},\"headline\":\"HIPAA Compliance for Healthcare: New Amendments Target Big Security Gaps\",\"datePublished\":\"2025-01-21T20:36:35+00:00\",\"dateModified\":\"2025-03-10T19:07:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/\"},\"wordCount\":1496,\"publisher\":{\"@id\":\"https:\/\/www.forescout.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/01\/Blog-HIPAA-Compliance-Share-v1-1200x628-1.webp\",\"articleSection\":[\"News &amp; Views\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/\",\"url\":\"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/\",\"name\":\"HIPAA Compliance for Healthcare: New Amendments Target Big Security Gaps - Forescout\",\"isPartOf\":{\"@id\":\"https:\/\/www.forescout.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/01\/Blog-HIPAA-Compliance-Share-v1-1200x628-1.webp\",\"datePublished\":\"2025-01-21T20:36:35+00:00\",\"dateModified\":\"2025-03-10T19:07:17+00:00\",\"description\":\"HIPAA compliance hasn\u2019t been updated since 2013. We examine the proposed changes, deadlines, and security facts for healthcare organizations.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/#primaryimage\",\"url\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/01\/Blog-HIPAA-Compliance-Share-v1-1200x628-1.webp\",\"contentUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/01\/Blog-HIPAA-Compliance-Share-v1-1200x628-1.webp\",\"width\":1201,\"height\":628},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.forescout.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"HIPAA Compliance for Healthcare: New Amendments Target Big Security Gaps\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.forescout.com\/#website\",\"url\":\"https:\/\/www.forescout.com\/\",\"name\":\"Forescout\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.forescout.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.forescout.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.forescout.com\/#organization\",\"name\":\"Forescout Technologies, Inc.\",\"url\":\"https:\/\/www.forescout.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg\",\"contentUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg\",\"width\":1,\"height\":1,\"caption\":\"Forescout Technologies, Inc.\"},\"image\":{\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/ForescoutTechnologies\",\"https:\/\/x.com\/Forescout\",\"https:\/\/www.instagram.com\/forescouttechnologies\/\",\"https:\/\/www.linkedin.com\/company\/forescout-technologies\",\"https:\/\/www.youtube.com\/user\/forescout1\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/person\/e7cd11005c0dd14dda03923e626be787\",\"name\":\"Rich DeFabritus\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/person\/image\/ed1106234415a6ac50d7d463e49c96b6\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b02d4561e413be541f30030a972ef58536776d4fedb6221c0c8fb67393278132?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b02d4561e413be541f30030a972ef58536776d4fedb6221c0c8fb67393278132?s=96&d=mm&r=g\",\"caption\":\"Rich DeFabritus\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"HIPAA Compliance for Healthcare: New Amendments Target Big Security Gaps - Forescout","description":"HIPAA compliance hasn\u2019t been updated since 2013. We examine the proposed changes, deadlines, and security facts for healthcare organizations.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/","og_locale":"en_US","og_type":"article","og_title":"HIPAA Compliance for Healthcare: New Amendments Target Big Security Gaps - Forescout","og_description":"HIPAA compliance hasn\u2019t been updated since 2013. We examine the proposed changes, deadlines, and security facts for healthcare organizations.","og_url":"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/","og_site_name":"Forescout","article_publisher":"https:\/\/www.facebook.com\/ForescoutTechnologies","article_published_time":"2025-01-21T20:36:35+00:00","article_modified_time":"2025-03-10T19:07:17+00:00","og_image":[{"width":1201,"height":628,"url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/01\/Blog-HIPAA-Compliance-Share-v1-1200x628-1.webp","type":"image\/webp"}],"author":"Rich DeFabritus","twitter_card":"summary_large_image","twitter_creator":"@Forescout","twitter_site":"@Forescout","twitter_misc":{"Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/#article","isPartOf":{"@id":"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/"},"author":{"name":"Rich DeFabritus","@id":"https:\/\/www.forescout.com\/#\/schema\/person\/e7cd11005c0dd14dda03923e626be787"},"headline":"HIPAA Compliance for Healthcare: New Amendments Target Big Security Gaps","datePublished":"2025-01-21T20:36:35+00:00","dateModified":"2025-03-10T19:07:17+00:00","mainEntityOfPage":{"@id":"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/"},"wordCount":1496,"publisher":{"@id":"https:\/\/www.forescout.com\/#organization"},"image":{"@id":"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/#primaryimage"},"thumbnailUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/01\/Blog-HIPAA-Compliance-Share-v1-1200x628-1.webp","articleSection":["News &amp; Views"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/","url":"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/","name":"HIPAA Compliance for Healthcare: New Amendments Target Big Security Gaps - Forescout","isPartOf":{"@id":"https:\/\/www.forescout.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/#primaryimage"},"image":{"@id":"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/#primaryimage"},"thumbnailUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/01\/Blog-HIPAA-Compliance-Share-v1-1200x628-1.webp","datePublished":"2025-01-21T20:36:35+00:00","dateModified":"2025-03-10T19:07:17+00:00","description":"HIPAA compliance hasn\u2019t been updated since 2013. We examine the proposed changes, deadlines, and security facts for healthcare organizations.","breadcrumb":{"@id":"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/#primaryimage","url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/01\/Blog-HIPAA-Compliance-Share-v1-1200x628-1.webp","contentUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/01\/Blog-HIPAA-Compliance-Share-v1-1200x628-1.webp","width":1201,"height":628},{"@type":"BreadcrumbList","@id":"https:\/\/www.forescout.com\/blog\/hipaa-compliance-for-healthcare-new-amendments-target-big-security-gaps\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.forescout.com\/"},{"@type":"ListItem","position":2,"name":"HIPAA Compliance for Healthcare: New Amendments Target Big Security Gaps"}]},{"@type":"WebSite","@id":"https:\/\/www.forescout.com\/#website","url":"https:\/\/www.forescout.com\/","name":"Forescout","description":"","publisher":{"@id":"https:\/\/www.forescout.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.forescout.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.forescout.com\/#organization","name":"Forescout Technologies, Inc.","url":"https:\/\/www.forescout.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg","contentUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg","width":1,"height":1,"caption":"Forescout Technologies, Inc."},"image":{"@id":"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ForescoutTechnologies","https:\/\/x.com\/Forescout","https:\/\/www.instagram.com\/forescouttechnologies\/","https:\/\/www.linkedin.com\/company\/forescout-technologies","https:\/\/www.youtube.com\/user\/forescout1"]},{"@type":"Person","@id":"https:\/\/www.forescout.com\/#\/schema\/person\/e7cd11005c0dd14dda03923e626be787","name":"Rich DeFabritus","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.forescout.com\/#\/schema\/person\/image\/ed1106234415a6ac50d7d463e49c96b6","url":"https:\/\/secure.gravatar.com\/avatar\/b02d4561e413be541f30030a972ef58536776d4fedb6221c0c8fb67393278132?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b02d4561e413be541f30030a972ef58536776d4fedb6221c0c8fb67393278132?s=96&d=mm&r=g","caption":"Rich DeFabritus"}}]}},"featured_media_url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/01\/Blog-HIPAA-Compliance-Share-v1-1200x628-1.webp","is_file":false,"excerpt_manually_set":false,"_links":{"self":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/posts\/104113","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/users\/168"}],"replies":[{"embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/comments?post=104113"}],"version-history":[{"count":0,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/posts\/104113\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/media\/104154"}],"wp:attachment":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/media?parent=104113"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/categories?post=104113"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/tags?post=104113"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/coauthors?post=104113"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}