A set of new requirements proposed by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights could bring healthcare organizations on par with modern cybersecurity practices. The proposal, which was published in the Federal Register on Friday, includes requirements for multi-factor authentication, data encryption and routine scans for vulnerabilities and breaches. It would also make malware protection mandatory for systems handling sensitive information, along with network segmentation, separate controls for data backup and recovery, and annual audits to verify compliance.
HHS also shared a fact sheet outlining the proposal, which would update the Security Rule under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). A 60-day public comment period is expected to open soon. In a press conference, the US Deputy National Security Advisor for Cyber and Emerging Technologies, Anne Neuberger, said that the plan will cost $9 billion in the first year of its implementation and $6 billion over the subsequent four years, Reuters reports. The proposal comes in light of the noticeable increase in large-scale breaches over the past few years. Just this year, the healthcare industry has been hit by several major cyberattacks, including hacks of Ascension’s and UnitedHealth’s systems that caused disruptions at hospitals, doctors’ offices, and pharmacies.
“From 2018 to 2023, reports of major breaches increased by 102 percent, and the number of individuals affected by these breaches increased by 1,002 percent, primarily due to increases in hacking and ransomware attacks,” according to the Office for Civil Rights. “In 2023, more than 167 million individuals were affected by major breaches – a new record.”