
Essential HIPAA 2025 Changes: Compliance Steps for Security Teams


(@nhi-mgmt-group)

Executive Summary

In 2025, significant changes to the HIPAA Security Rule are poised to transform compliance for healthcare organizations. The U.S. Department of Health and Human Services (HHS) has proposed new requirements to address increasing cyber threats. Key highlights include mandatory multi-factor authentication (MFA), continuously updated asset inventories, and ongoing risk assessments. Security teams must shift towards real-time, risk-based operations to meet these upcoming standards and protect sensitive patient data effectively.

👉 Read the full article from Axonius here for comprehensive insights.

Main Highlights

Overview of Proposed Changes

  • The HHS is updating the HIPAA Security Rule for the first time in 20 years to counteract rising cyber threats.
  • Changes aim to enforce more stringent security measures across healthcare facilities and business associates.

Mandatory Multi-Factor Authentication (MFA)

  • New regulations will require all healthcare providers to implement MFA as a standard security protocol.
  • This step is critical in enhancing the protection of electronic protected health information (ePHI).

Asset Inventory Management

  • Healthcare entities must maintain continuously updated asset inventories to identify and address potential security vulnerabilities.
  • An accurate inventory is essential for effective risk management and compliance.

Ongoing Risk Assessments

  • Organizations will be mandated to conduct ongoing risk assessments rather than one-off evaluations.
  • Continuous evaluation helps in adapting quickly to emerging security threats and ensuring compliance with new rules.

Elimination of Unauthorized Software

  • The guidelines will push for the removal of extraneous or unauthorized software to mitigate risks associated with cyber threats.
  • Ensuring that all software used is legitimate is essential for safeguarding patient data.

👉 Access the full expert analysis and actionable security insights from Axonius here.



   