- New cybersecurity requirements may soon be introduced for US healthcare firms
- The new rules will aim to protect systems which hold sensitive information
- These will cost an estimated $9 billion in the first year
A new set of requirements have been proposed by the US Department of Health and Human Services (HHS) for healthcare firms in the country to ensure the personally identifiable information of patients and company data is adequately protected. The proposal includes routine vulnerability and breach scans, data encryption, and multi-factor authentication.
The new requirements would also make it mandatory to use anti-malware protection for systems which handle sensitive information, as well as network segmentation, implementing separate controls for data backup and recovery, and yearly audits to check for compliance.
Healthcare organizations have been increasingly targeted by threat actors due to the amount of sensitive data they hold and the crucial service they provide – meaning the organizations are often forced to pay large ransoms for their systems and information in order to continue operating.
The cost of updated standards
Implementing these requirements will cost an estimated $9 billion in the first year, and $6 billion in the following two years, according to Deputy National Security Advisor for Cyber and Emerging Technology, Anne Neuberger.
Despite the cost, Neuberger points out that these requirements add necessary protections given that the number of large scale security breaches and ransomware affecting healthcare organizations has skyrocketed by 102% since 2019.
Healthcare data is being repeatedly sold across the dark web, with an attack on UnitedHealth Group leading to over 100 million US customers exposed – which was disruptive to both patients and staff.
“In this job, one of the most concerning and really troubling things we deal with is hacking of hospitals, hacking of healthcare data,” said Neuberger.
“Hospitals have been forced to operate manually and Americans’ sensitive healthcare data, mental health information and other information are “being leaked on the dark web with the opportunity to blackmail individuals.”
Via Reuters
Leave a comment