Healthcare providers across the US may be forced to shore up their cybersecurity practices following new proposals from the US Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR).
The proposed measures include mandatory multi-factor authentication and encryption of patient data, so that records stolen in a breach are not readable by the attacker. Organizations in the sector would also be required to undergo compliance checks to verify that their networks meet the rule's security requirements.
The proposals are now in a 60-day public comment period, during which industry players, such as healthcare firms, can provide feedback. However, the new changes won’t come cheap. Reuters reports that Anne Neuberger, the US deputy national security advisor for cyber and emerging technology, told reporters the proposals are projected to cost $9 billion in the first year and $6 billion in the following two years.
Neuberger highlighted the growing problem of ransomware in the healthcare industry, claiming that large healthcare breaches resulting from hacking and ransomware have increased by 89% and 102%, respectively, since 2019. She also pointed out how healthcare data is increasingly being traded on the dark web, “with the opportunity to blackmail individuals.”
The proposals follow several high-profile data breaches in the sector, exposing the data of hundreds of millions of Americans and disrupting treatment. In February 2024, a ransomware attack on UnitedHealth subsidiary Change Healthcare reportedly exposed the personal data of more than 100 million people and paused pharmacy services and billing.
In May 2024, healthcare provider Ascension was hit with a cyberattack that brought down the IT systems at many of its hospitals, in some cases forcing doctors to use pen-and-paper records.
According to the prepared statements from Change Healthcare’s CEO Andrew Witty, hackers used “compromised credentials to remotely access a Change Healthcare Citrix portal, an application used to enable remote access to desktops.” Witty said the portal “did not have multi-factor authentication,” something that would be required under the new proposals.