Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
The Office for Civil Rights (OCR) of the US Department of Health and Human Services (HHS). proposes new cybersecurity requirements for healthcare organizations designed to protect patients’ private data in the event of cyberattacks, reports Reuters. The rules come after major cyberattacks like the one that leaked the private information of more than 100 million UnitedHealth patients earlier this year.
U The proposal of the OCR include requiring healthcare organizations to make multi-factor authentication mandatory in most situations, segmenting their networks to reduce the risks of intrusions spreading from one system to another, and encrypting patient data so that even if it is stolen, it cannot be accessed. It could also direct regulated groups to perform certain risk analysis practices, maintain compliance documentation, and more.
The rule is part of the cybersecurity strategy that the Biden administration announced last year. Once finalized, it will update the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, which regulates doctors, nursing homes, health insurance companies, and more, and is was last updated in 2013.
US national security adviser Anne Neuberger put the cost of implementing the requirements at “an estimated $9 billion in the first year, and $6 billion in years two through five.” write Reuters. The proposal must be published in the Federal Register on the 6th of Januarywhich will begin the 60-day public comment period before establishing the final rule.
