Healthcare organizations in the US may soon get a cybersecurity overhaul

HHS proposes a $9B cybersecurity upgrade for US healthcare in response to rising data breaches.

The US Department of Health and Human Services' Office for Civil Rights has proposed new cybersecurity requirements for healthcare organizations. These measures, posted in the Federal Register, include multifactor authentication, data encryption, and mandatory anti-malware protection. The initiative responds to a 102% increase in large breaches from 2018-2023 and is projected to cost $9 billion initially and $6 billion over the following four years. Public comments on this $9 billion proposal are expected to be gathered over a 60-day period.

The US Department of Health and Human Services' Office for Civil Rights has laid out new cybersecurity requirements aimed at modernizing the protection of patient data. These updates will require healthcare organizations to adopt multifactor authentication, use data encryption, and conduct regular scans for potential vulnerabilities and breaches.

The proposed rules, which were announced in the Federal Register, will also mandate the use of anti-malware software, network segmentation, and separate controls for data backup and recovery. Additionally, organizations will face yearly compliance audits to ensure these standards are met.

The proposal follows a sharp rise in cybersecurity incidents: breach reports were up 102% between 2018 and 2023, and incidents affected over 167 million individuals in 2023 alone. Implementing these measures is projected to cost $9 billion in the first year and $6 billion over the next four years, underscoring the priority placed on improving cybersecurity in the healthcare sector.