KaufmanIT

Healthcare Providers: Use the Rest of 2025 to Get Your Cybersecurity House in Order

By Matthew Kaufman August 6, 2025

As a healthcare provider, are you aware of the following public list? HHS Breach List

As you can see, it’s a database you never want your organization’s name to appear in.

To push all healthcare-related businesses toward stronger cybersecurity practices, the U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (NPRM) last December to update the HIPAA Security Rule. This proposal is part of a broader federal push to strengthen cybersecurity across critical infrastructure—including healthcare.

If your organization handles protected health information (PHI), NOW is your window to get ahead of sweeping cybersecurity changes.

The comment period for this proposed rule closed in March 2025, and the final rule is expected to be published later this year or in early 2026. That means healthcare organizations have a rare opportunity: time to prepare before heightened cybersecurity requirements take effect.

What’s Coming

The proposed updates are significant. They include:

  • Eliminating the distinction between “required” and “addressable” implementation specifications—everything will be required.
  • Mandating written documentation of all security policies, procedures, and risk analyses.
  • Requiring a technology asset inventory and network map, updated at least annually.
  • Adding specific compliance timeframes for many existing requirements.
  • Demanding more detailed risk analyses, including how ePHI flows through your systems.

These changes are designed to make HIPAA compliance more proactive and resilient in the face of rising cyber threats.

Why You Should Act Now

Cyberattacks on healthcare organizations are increasing in frequency and severity. And if your organization suffers a breach that impacts 500 or more individuals – a level even small practices meet very easily – it could end up on that HHS Breach Portal linked to at the top of this post.

Being listed there isn’t just a regulatory issue; it’s a reputational one. Patients, partners and competitors can all see it. And once you’re on that list, it’s hard to rebuild trust.

What You Can Do in the Second Half of 2025

At KaufmanIT, we recommend using the remainder of this year to:

  1. Conduct a Gap Assessment
    Identify where your current cybersecurity practices fall short of the proposed rule.
  2. Implement Continuous Monitoring
    Tools like our SecureKIT™ Shield provide 24/7 vulnerability scanning, malicious traffic filtering and more for healthcare environments.
  3. Document Everything
    Start building or updating your written policies, procedures and risk analyses now—don’t wait for the final rule.
  4. Train Your Team
    Human error remains the leading cause of breaches. Regular training is essential.

Final Thought

The proposed HIPAA Security Rule changes are coming—and they’re coming fast. Use the second half of 2025 to prepare, protect your organization and avoid the consequences of being reactive.

If you’re unsure where to start, KaufmanIT offers assessments, training and managed services designed specifically for healthcare providers. Let’s make sure your organization stays compliant – and off the breach list.

HIPAA Cybersecurity FAQ – 2025 Updates

  1. What’s changing in HIPAA’s cybersecurity rules for 2025?
    All implementation specifications are likely to become mandatory, plus organizations must document policies, procedures and risk analyses in writing.
  2. Why is the HHS Breach Portal important?
    It publicly lists healthcare organizations that have experienced HIPAA violations or data breaches—making reputational damage a real risk.
  3. What’s the biggest cybersecurity threat to healthcare today?
    Phishing attacks are surging, meaning human error remains the leading cause of breaches.
  4. How can healthcare companies stay compliant?
    Conduct gap assessments, implement continuous monitoring tools and train staff regularly on security best practices.
  5. What does KaufmanIT offer to help?
    We provide SecureKIT™ Shield for real-time threat detection, HIPAA compliance support and tailored cybersecurity solutions for healthcare providers.
