Implementing HIPAA Compliant Cybersecurity for Healthcare SMEs using BDSLCCI Framework

Shekhar PAWAR, Jaganathan T

Abstract

Cyberattacks on the healthcare industry have profound and far-reaching consequences, affecting patient safety, financial stability, service availability and trust in healthcare systems. Several countries have different data protection acts that are already playing an essential role in maintaining privacy, security, and trust in the digital age. A US federal law known as the Health Insurance Portability and Accountability Act (HIPAA) attempts to safeguard the confidentiality, integrity, and security of Protected Health Information (PHI and ePHI), which comprises sensitive patient data such as financial information, Social Security numbers, and medical records. In spite of this, numerous healthcare organizations around the world are being targeted by cyberattacks. Small and medium-sized businesses (SMEs) in particular face difficulty putting cybersecurity measures into place. To address those concerns and the growing need for cybersecurity protections, the Business Domain Specific Least Cybersecurity Controls Implementation (BDSLCCI) provides a new framework that considers the Defense in Depth (DiD) and Confidentiality, Integrity, and Availability (CIA Triad) concepts. The author will explain how the BDSLCCI framework can be mapped to the cybersecurity needs and compliance requirements of hospitals and other SMEs in the healthcare industry.

How to Cite
Shekhar PAWAR, Jaganathan T. (2025). Implementing HIPAA Compliant Cybersecurity for Healthcare SMEs using BDSLCCI Framework. European Economic Letters (EEL), 15(2), 883–903. https://doi.org/10.52783/eel.v15i2.2904
Section
Articles