Health care breaches lead to legislation
Highlights of the new standard include:
- Performing and documenting a security risk analysis of exposure
- Documentation of a business continuity plan (BCP)
- Stress test of resiliency and documentation of any planned changes to the BCP
- A statement of compliance signed by both the CEO and CISO
- A third-party audit to certify compliance (no later than six months after enactment)