A senior White House official stated that healthcare organizations might need to enhance their cybersecurity measures to more effectively prevent the leakage of sensitive information due to cyberattacks, such as those that impacted Ascension and UnitedHealth (UNH.N).
Anne Neuberger, the U.S. deputy national security advisor for cyber and emerging technology, informed reporters that these requirements are crucial, given the vast number of Americans whose data has been compromised by significant healthcare information breaches.
The proposals suggest encrypting data to prevent access even if it is leaked and implementing compliance checks to ensure networks adhere to cybersecurity standards.
The complete proposed rule was published in the Federal Register, and the Department of Health and Human Services provided a more concise summary on its website.
In 2023, cybersecurity incidents affected the healthcare information of over 167 million people.
Neuberger noted that the proposed rule from the Office for Civil Rights (OCR) within HHS aims to update standards under the Health Insurance Portability and Accountability Act (HIPAA). It is projected to cost approximately $9 billion in the first year and $6 billion annually from the second to the fifth year.
"We've made some significant proposals that we think will improve cybersecurity and ultimately everyone's health information, if any of these proposals are ultimately finalized," an OCR spokesperson told Reuters.
The next step in the process is a 60-day public comment period before any final decisions are made.
Neuberger reported that since 2019, significant healthcare breaches due to hacking and ransomware have surged by 89% and 102%, respectively.
"In this job, one of the most concerning and really troubling things we deal with is hacking of hospitals, hacking of healthcare data," Neuberger said.
Hospitals have had to function manually, and sensitive healthcare data, including mental health information and other personal details of Americans, are "being exposed on the dark web, creating opportunities for blackmail," Neuberger stated.
For more cybersecurity news, follow Cyderes on LinkedIn and X.
