Healthcare organizations might need to enhance their cybersecurity measures, to more effectively prevent the leakage of sensitive information due to cyberattacks, such as those that impacted Ascension and UnitedHealth (UNH.N), a senior White House official stated.
Anne Neuberger, the U.S. deputy national security advisor for cyber and emerging technology, informed reporters that these proposed requirements are crucial, given the vast number of Americans whose data has been compromised by significant breaches of healthcare information.
The proposals suggest encrypting data to prevent access even if it is leaked, and implementing compliance checks to ensure networks adhere to cybersecurity standards.
The complete proposed rule was published in the Federal Register, and the Department of Health and Human Services provided a more concise summary on its website.
In 2023, cybersecurity incidents affected the healthcare information of over 167 million people.
The proposed rule from the Office for Civil Rights (OCR) within HHS, aims to update standards under the Health Insurance Portability and Accountability Act (HIPAA), and is projected to cost approximately $9 billion in the first year, and $6 billion annually from the second to the fifth year, Neuberger noted.
"We've made some significant proposals that we think will improve cybersecurity and ultimately everyone's health information, if any of these proposals are ultimately finalized," an OCR spokesperson told Reuters.
The next step in the process is a 60-day public comment period before any final decisions are made.
Since 2019, large healthcare breaches due to hacking and ransomware have surged by 89% and 102%, respectively, Neuberger reported.
"In this job, one of the most concerning and really troubling things we deal with is hacking of hospitals, hacking of healthcare data," Neuberger said.
Hospitals have had to function manually, and sensitive healthcare data, including mental health information and other personal details of Americans, are "being exposed on the dark web, creating opportunities for blackmail," Neuberger stated.
For more cybersecurity news, follow Cyderes on LinkedIn and X.
