The Office for Civil Rights (OCR) of the US Department of Health and Human Services (HHS) is proposing new cybersecurity requirements for healthcare organizations to protect private patient data in the event of cyberattacks, <a target="_blank" href="https://www.reuters.com/technology/cybersecurity/biden-administration-proposes-new-cybersecurity-rules-limit-impact-healthcare-2024-12-27/">reports Reuters</a>. The rules come after major cyberattacks like the one that leaked the private information of more than 100 million UnitedHealth patients earlier this year.
The OCR proposal includes requiring healthcare organizations to make multi-factor authentication mandatory in most situations, to segment their networks to reduce the risk of intrusions spreading from one system to another, and to encrypt patient data so that, even if it is stolen, it cannot be accessed. It would also direct regulated groups to undertake certain risk analysis practices, maintain compliance documentation, and more.
The rule is part of the cybersecurity strategy the Biden administration announced last year. Once finalized, it would update the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, which regulates doctors, nursing homes, health insurance companies, and more, and which was last updated in 2013.
US Deputy National Security Advisor Anne Neuberger estimated the cost of implementing the requirements at “approximately $9 billion in the first year, and $6 billion in years two through five,” Reuters writes. The proposal will be published in the Federal Register on January 6, which will begin the 60-day public comment period before the final rule is established.