A set of new requirements proposed by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights could bring healthcare organizations on par with modern cybersecurity practices. The proposal, published Friday in the Federal Register, includes requirements for multi-factor authentication, data encryption and regular scanning for vulnerabilities and breaches. It would also make anti-malware protection mandatory for systems handling sensitive information, along with network segmentation, separate controls for data backup and recovery, and annual audits to check compliance.
HHS also shared a fact sheet that outlines the proposal, which would update the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. A 60-day public comment period is expected to begin soon. Anne Neuberger, the U.S. deputy national security adviser for cyber and emerging technologies, said at a press conference that the plan would cost $9 billion in the first year and $6 billion over the next four years, Reuters reports. The proposal comes in view of the significant increase in large-scale breaches over the past few years. Just this year, the healthcare industry suffered multiple major cyberattacks, including hacks into Ascension and UnitedHealth systems, causing disruption to hospitals, clinics, and pharmacies.
“From 2018 to 2023, reports of large-scale breaches increased by 102 percent, and the number of individuals affected by such breaches increased by 1002 percent, primarily due to an increase in hacking and ransomware attacks,” the Office for Civil Rights states. “In 2023, more than 167 million individuals were affected by a major breach, which is a new record.”