The US government wants to tighten cybersecurity rules for healthcare organizations
- New cybersecurity requirements may soon be introduced for US healthcare companies
- The new rules are intended to protect systems that contain sensitive information
- These will cost an estimated $9 billion in the first year
The U.S. Department of Health and Human Services (HHS) has proposed a new set of cybersecurity requirements for healthcare companies in the country, intended to ensure that patients’ personally identifiable information and corporate data are adequately protected. The proposal calls for routine vulnerability scanning and breach monitoring, encryption of data, and multi-factor authentication.
The requirements would also make anti-malware protection mandatory for systems that handle sensitive information, along with network segmentation, separate controls for data backup and recovery, and annual audits to verify compliance. Taken together these controls target the way healthcare ransomware incidents typically unfold: segmentation limits how far an intruder can move once inside, and backups that are kept isolated from production systems are what allow recovery without paying.
Healthcare organizations are increasingly targeted by threat actors because of the volume of sensitive data they store and the critical services they provide. When an attack takes clinical systems offline, organizations are often pressured into paying large ransoms to regain access to their systems and data so that they can keep functioning.
The cost of updated standards
According to Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger, implementing these requirements will cost an estimated $9 billion in the first year, and $6 billion over the next two years.
Despite the cost, Neuberger argues that the requirements provide necessary protection: the number of large-scale security breaches and ransomware incidents reported by healthcare organizations has increased 102% since 2019.
Stolen healthcare data is repeatedly sold on the dark web. One attack on UnitedHealth Group exposed the data of more than 100 million people in the US and was disruptive to both patients and staff.
“In this job, one of the most concerning and really troubling things we deal with is the hacking of hospitals and healthcare data,” Neuberger says.
“Hospitals are forced to operate manually and US sensitive healthcare data, mental health information and other information is being leaked onto the dark web with the potential to blackmail individuals.”
Via Reuters