The U.S. Department of Labor's (DOL's) Employee Benefits Security Administration (EBSA) has issued DOL Compliance Assistance Release No. 2024-01. This compliance assistance release confirms that the agency's 2021 updated guidance on cybersecurity applies to all employee benefit plans, including all health and welfare plans and retirement plans.
EBSA has specifically updated its cybersecurity guidance, which includes its best practices, tips for hiring service providers, and online security tips, to include references to health and welfare plans. In doing so, EBSA acknowledges that health and welfare plans and retirement plans can be targets for cybercriminals, as they oversee personally identifying information for individuals, along with plan data and assets. This release makes it clear that fiduciaries of employee benefit plans subject to ERISA have a duty to ensure proper mitigation of cybersecurity risks.
A recent report to Congress by the Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) notes that hacking and other IT incidents remain the most common type of cybersecurity breach. Covered entities must improve their cybersecurity efforts and readiness to avoid penalties. The compliance assistance release also provides links to HHS publications to help health plans and their service providers with cybersecurity.
HBL has experience in all areas of benefits and employment law, offering a comprehensive solution to all your business benefits and H.R./employment needs. We help ensure you are in compliance with the complex requirements of ERISA and the IRS code, as well as those laws that impact you and your employees. Together, we reduce your exposure to potential legal or financial penalties. Learn more by calling 470-571-1007.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.