Technology

US government wants to toughen up cybersecurity rules for healthcare organizations

December 30, 2024

New cybersecurity requirements may soon be introduced for US healthcare firms
The new rules will aim to protect systems which hold sensitive information
These will cost an estimated $9 billion in the first year

A new set of requirements have been proposed by the US Department of Health and Human Services (HHS) for healthcare firms in the country to ensure the personally identifiable information of patients and company data is adequately protected. The proposal includes routine vulnerability and breach scans, data encryption, and multi-factor authentication.

The new requirements would also make it mandatory to use anti-malware protection for systems which handle sensitive information, as well as network segmentation, implementing separate controls for data backup and recovery, and yearly audits to check for compliance.

Healthcare organizations have been increasingly targeted by threat actors due to the amount of sensitive data they hold and the crucial service they provide – meaning the organizations are often forced to pay large ransoms for their systems and information in order to continue operating.

The cost of updated standards

Implementing these requirements will cost an estimated $9 billion in the first year, and $6 billion in the following two years, according to Deputy National Security Advisor for Cyber and Emerging Technology, Anne Neuberger.

Despite the cost, Neuberger points out that these requirements add necessary protections given that the number of large scale security breaches and ransomware affecting healthcare organizations has skyrocketed by 102% since 2019.

Healthcare data is being repeatedly sold across the dark web, with an attack on UnitedHealth Group leading to over 100 million US customers exposed – which was disruptive to both patients and staff.

“In this job, one of the most concerning and really troubling things we deal with is hacking of hospitals, hacking of healthcare data,” said Neuberger.

“Hospitals have been forced to operate manually and Americans’ sensitive healthcare data, mental health information and other information are “being leaked on the dark web with the opportunity to blackmail individuals.”

Via Reuters

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

LEAVE A REPLY Cancel reply

EDITOR PICKS

POPULAR POSTS

QUICK LINKS

ABOUT US

FOLLOW US

Cookie bar