In recent years, many of us in the cybersecurity profession have predicted the end of self-assessed compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the fundamental security practices it mandates.
More specifically, some of us — myself included — believed such a shift would reflect the growing acceptance that cyber resilience no longer falls solely on the shoulders of the IT department or security professionals.
Instead, the dramatic impact of breaches like the Change Healthcare event in February 2024 have elevated cybersecurity practices, strategies and oversight to a board-level concern.
