HITRUST has sent a letter to U.S. Congress and Regulatory members, expressing HITRUST’s support for their efforts to evaluate and address ransomware attacks, such as the ones recently suffered by Change Healthcare and Ascension Health.
The letter urges lawmakers to view the problem as a matter of risk management with a focus on selecting and using relevant controls that are threat-adaptive, and ensuring that compliance outcomes, where needed, are earned through robust and reliable assurance programs. And as validation to this “relevant controls plus reliable assurances” strategy, HITRUST offers the proof of performance from its 2024 Trust Report that reveals that only 0.64% of environments with HITRUST certifications experienced a breach over the last two years.
The recommendations further note that the tools to accomplish this already exist and that it would be prudent to focus on their effective application rather than spend precious time and resources creating new ones. This approach can yield very strong outcomes, more quickly and efficiently, for everyone.
We invite you to read the letter to see HITRUST’s specific recommendations.