A set of new requirements proposed by the US Health and Human Services (HHS) Office for Civil Rights could bring healthcare organizations up to speed with modern cybersecurity practices. The proposal, published in the Federal Register on Friday, includes routine requirements for multi-factor authentication, data encryption, and vulnerabilities and breaches. It would also make it mandatory to use anti-malware protection on systems handling sensitive information, along with implementing separate network segmentation, data backup and recovery controls, and annual audits to verify compliance.
HHS also shared a sheet outlining the proposal, which would update the Health Insurance Portability and Accountability Act (HIPAA) Security Rule of 1996. A 60-day public comment period is expected to open soon. At a press conference, US Deputy National Security Adviser Anne Neuberger said the plan would cost $9 billion to implement in the first year, and $6 billion over the next four years, Reuters reports. The proposal is due to a significant increase in large-scale offenses in recent years. Earlier this year, the healthcare industry suffered several major cyberattacks, including hacks at Ascension and UnitedHealth systems that caused disruptions to hospitals, doctor’s offices and pharmacies.
“From 2018 to 2023, reports of major breaches increased by 102 percent, and the number of people affected by these breaches increased by 1002 percent, primarily due to an increase in hacking and ransomware attacks,” says the Office for Civil Rights. “In 2023, over 167 million people were affected by major breaches – a new record.”
2024-12-28 22:09:33