A set of new requirements proposed by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights could bring healthcare organizations up to speed with modern cybersecurity practices. The proposal, published in the Federal Register on Friday, includes requirements for multi-factor authentication, data encryption, and routine scanning for vulnerabilities and breaches. It would also make the use of anti-malware protection mandatory for systems that handle sensitive information, along with network segmentation, implementing separate controls for data backup and recovery, and annual audits to verify compliance.
HHS also shared a fact sheet describing the proposal, which would update the Security Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). A 60-day public comment period is expected to open soon. At a news conference, U.S. deputy national security adviser for cyber and emerging technologies Anne Neuberger said executing the plan would cost $9 billion in the first year and $6 billion over the next four years, Reuters reports (https://www.reuters.com/technology/cybersecurity/biden-administration-proposes-new-cybersecurity-rules-limit-impact-healthcare-2024-12-27/). The proposal comes in light of a marked increase in large-scale breaches in recent years. This year alone, the healthcare industry was hit by multiple major cyberattacks, including attacks on Ascension and UnitedHealth systems that caused disruptions to hospitals, doctors' offices, and pharmacies.
“From 2018 to 2023, reports of major breaches increased by 102 percent, and the number of people affected by such breaches increased by 1,002 percent, primarily due to the increase in hacking and ransomware attacks,” according to the Office for Civil Rights. “In 2023, more than 167 million people were affected by major breaches – a new record.”