US Healthcare Providers May Be Hit With New Cybersecurity Rules

The proposed rules from HHS aim to combat rising ransomware attacks and data breaches in the sector, but changes could cost $9 billion in just the first year.

Healthcare providers across the US may be forced to shore up their cybersecurity practices following new proposals from the US Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR).

The proposed measures include implementing multi-factor authentication and encrypting patient data to safeguard it in case of a data breach. Organizations in the sector would also be required to undergo compliance checks to ensure their networks meet cybersecurity rules.

No final decisions are expected on the proposals until the end of a 60-day public comment period, during which industry players, such as healthcare firms, can provide feedback. However, the new changes won’t come cheap. Reuters reports that Anne Neuberger, the US deputy national security advisor for cyber and emerging technology, told reporters the proposals are projected to cost $9 billion in the first year and $6 billion in the following two years.

Neuberger highlighted the growing problem of ransomware in the healthcare industry, claiming that large healthcare breaches resulting from hacking and ransomware have increased by 89% and…