New HIPAA Requirements, Explained: What Healthcare Organizations Need to Do Next

This compliance brief explains the latest proposed updates to the HIPAA Security Rule and introduces HHS’s new Healthcare Sector Cybersecurity Performance Goals (CPGs), which prioritize foundational protections like MFA before advancing to stronger measures such as network segmentation. It emphasizes that most breaches begin with stolen credentials and escalate through lateral movement, making both controls essential to limiting impact. The document outlines how Zero Networks helps healthcare organizations meet these requirements—extending MFA to all assets (including legacy and unmanaged devices) and enabling rapid, automated microsegmentation to contain threats—ultimately improving security, reducing operational complexity, and supporting compliance without disrupting patient care.