realtybizideas banner
houzez-header-1

Biden Administration Suggests New Cybersecurity Rules to Mitigate Healthcare Data Breaches

President Joe Biden

Healthcare organizations might need to enhance their cybersecurity measures to more effectively protect sensitive information from being compromised by cyberattacks, such as those that affected Ascension and UnitedHealth, according to a senior official from the White House who spoke on Friday.

Anne Neuberger, the U.S. deputy national security advisor for cyber, highlighted the need for new requirements due to the large number of Americans affected by healthcare data breaches. The recommendations include encrypting data to protect it from exposure and enforcing compliance checks for cybersecurity regulations.

The proposed regulation from the Office for Civil Rights (OCR) at HHS, published in the Federal Register, aims to revise HIPAA standards. In 2023, cybersecurity incidents affected the healthcare information of over 167 million individuals. The rule is expected to cost approximately $9 billion in the first year and around $6 billion annually for the next four years.

“We have put forward several important proposals that we believe will enhance cybersecurity and ultimately protect everyone’s health information, should any of these proposals be finalized,” an OCR spokesperson informed Reuters late Friday.

The next phase in this process is a 60-day period for public comments before any final decisions can be made. Since 2019, incidents of major healthcare breaches due to hacking and ransomware have surged by 89% and 102%, respectively, she noted. “One of the most alarming and truly concerning issues we face in this role is the hacking of hospitals and healthcare data,” Neuberger remarked.

Hospitals have had to revert to manual operations, and sensitive health data, including mental health information of Americans, is being “leaked on the dark web, increasing the risk of blackmail for individuals,” Neuberger stated.