- New cybersecurity requirements for US healthcare companies may soon be introduced.
- The new rules will aim to protect systems that contain sensitive information.
- They will cost approximately $9 billion in the first year.
The U.S. Department of Health and Human Services (HHS) has proposed a new set of requirements for the nation’s healthcare companies to ensure that patients’ personally identifiable information and company data are adequately protected. The proposal includes routine scans for vulnerabilities and breaches, data encryption and multi-factor authentication.
The new requirements would also make it mandatory to use anti-malware protection for systems that handle sensitive information, as well as network segmentation, implementation of separate controls for data backup and recovery, and annual audits to verify compliance.
Healthcare organizations have increasingly been targeted by attackers because of the amount of sensitive data they hold and the crucial service they provide, and they are often forced to pay large ransoms to recover their systems and information so that they can continue operating.
The cost of updated standards
Implementing these requirements will cost approximately $9 billion in the first year and $6 billion in the next two years, according to Anne Neuberger, deputy national security adviser for cyber and emerging technologies.
Despite the cost, Neuberger notes that these requirements add necessary protections given that the number of large-scale security breaches and ransomware attacks affecting healthcare organizations has skyrocketed by 102% since 2019.
Healthcare data is repeatedly sold over the dark web, and an attack on UnitedHealth Group exposed the data of more than 100 million American customers, which was harmful to both patients and staff.
“In this work, one of the most concerning and really disturbing things we deal with is the hacking of hospitals, the hacking of healthcare data,” Neuberger said.
Hospitals have been forced to operate manually and Americans’ sensitive healthcare data, mental health information and other information “are leaking onto the dark web with the opportunity to blackmail people.”
Via PakGazette