In Compliance Assistance Release No. 2024-01, the U.S. Department of Labor’s Employee Benefits Security Administration (EBSA) has reaffirmed that its April 2021 cybersecurity guidelines apply to all employee benefit plans, including health and welfare plans.
Background
In 2021, EBSA issued cybersecurity guidance to protect plan data, personal information, and plan assets. Service providers believed it only applied to retirement plans. In 2022, it was recommended that EBSA clarify that the guidance also applies to health benefit plans.
Updated Guidance
The Compliance Release clarifies that the cybersecurity guidance applies to all ERISA-covered plans, including health, welfare, and pension plans. EBSA is providing the following updated guidance:
- Tips for Hiring a Service Provider – How to select a provider with strong cybersecurity practices
- Cybersecurity Program Best Practices – How to manage cybersecurity risks
- Online Security Tips – How to reduce the risk of fraud and loss
Additional Resources
The U.S. Department of Health and Human Services offers publications to help health plans and their providers maintain good cybersecurity practices.
- Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients
- Technical Volume 1: Cybersecurity Practices for Small Healthcare Organizations
- Technical Volume 2: Cybersecurity Practices for Medium and Large Healthcare Organizations
Download the bulletin for more details.