DNV INTRODUCES FIRST HEALTHCARE CYBERSECURITY CERTIFICATION FOR HOSPITALS

DNV launched the first cybersecurity certification for hospitals, the Advanced Healthcare Cybersecurity Certification (AHCC).

This pioneering certification is available to hospitals worldwide and aims to help hospital IT teams and healthcare professionals identify and address gaps and areas for improvement in cybersecurity systems, ensuring that robust and secure measures are in place to provide optimal data protection and patient safety.

The Advanced Healthcare Cybersecurity Certification is designed to recognize the maturity and robustness of an organization’s cybersecurity program. It focuses on comprehensive security risk management in the hospital environment, encompassing cybersecurity, privacy, automation, AI, and the Internet of Medical Things (IoMT). 

Ransomware attacks and data breaches targeting healthcare organizations have reached unprecedented levels, affecting entities from small clinics to large integrated health systems. These cyber threats can result in compromised patient data and ultimately endanger patient safety. 
Recent cyberattacks on prominent healthcare institutions showcase the severe vulnerabilities within healthcare systems across the globe, prompting industry leaders and policymakers to prioritize improved cybersecurity measures. 

In the U.S., government officials have consistently identified healthcare as the economic sector most vulnerable to cyberattacks, and as much a part of the nation’s critical infrastructure as energy and water, according to Forbes. 

As the first cybersecurity certification specific to healthcare, the AHCC sets a new standard for hospitals and healthcare organizations. It verifies an organization’s compliance with the AHCC program requirements, assuring stakeholders of their commitment to deliver the highest level of security and quality of care to their patients.

DNV’s cyber certification framework is based on a risk-based approach within an established quality management system, ensuring high standards of medical practice, patient care, and patient safety, alongside the protection of healthcare systems and patient data.

“Recent cyberattacks revealed how serious the vulnerability of patient data in the healthcare system is, emphasizing the urgent need for enhanced digital security measures,” said Alex Imperial, VP and Regional Manager Americas, SCPA at DNV. “Our new certification complements our portfolio of hospital accreditation, certification, and training services aimed at optimizing hospital safety and quality of care. DNV’s Advanced Healthcare Cybersecurity Certification enables hospitals to demonstrate the maturity and robustness of their cybersecurity program. A critical differentiator, to provide optimal patient care in times of growing cyberattacks.”

DNV’s Advanced Healthcare Cybersecurity Certification is an essential addition to the portfolio of services designed to optimize hospital safety and quality of care. By securing this certification, hospitals can demonstrate their commitment to protecting patient data and ensuring the highest standards of cybersecurity in healthcare.

To achieve full Advanced Healthcare Cybersecurity Certification, hospitals must comply with AHCC program requirements, designed to ensure optimal protection against cyber-attacks, including:

  • Quality management system - Plan and develop the processes needed for cybersecurity risk management service delivery
  • Program management - The personnel working in the AHCC program are appropriately trained and meet all applicable rules, codes, guidelines, etc.
  • Medical staff management - The AHCC leadership shall determine specific quality performance data
  • Staffing management - AHCC leadership shall provide continuing education to staff members assigned to the AHCC program
  • Patient rights - The organization shall inform, whenever possible, each patient and/or legal representative of the patient's rights in advance of providing or discontinuing care and allow the patient to exercise his or her rights consistent with regulatory statutes governing patient safety, data privacy, and data security
  • Medical record service - The organization shall comply with all applicable rules, guidelines, and requirements regarding medical records services, including data security
  • Physical environment management - The organization shall determine, provide, and maintain the infrastructure needed to achieve conformity to the AHCC program requirements, including buildings, cloud storage, data, workspace, and associated utilities, process equipment, mobile devices, hardware, software, cloud service provider, etc.
  • Advanced healthcare cybersecurity service delivery - AHCC leadership shall plan and develop the processes needed for cybersecurity risk management service delivery