The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has proposed new cybersecurity requirements for healthcare organizations, aiming to protect patients' personal data in the event of cyberattacks, reports Reuters. The rules follow major cyberattacks, such as the leak of personal information of more than 100 million UnitedHealth patients earlier this year.
The OCR proposal includes requiring that healthcare organizations mandate multifactor authentication in most situations, that they segment their networks to reduce the risk of an intrusion spreading from one system to another, and that they encrypt patient data so that even if it is stolen, it cannot be accessed. It will also direct regulated groups to adopt certain risk analysis practices, maintain compliance documentation, and more.
The rules are part of the cybersecurity strategy that was announced by the Biden administration last year. Once finalized, the proposal will update the Health Insurance Portability and Accountability Act of 1996 (HIPAA) safeguards rule, which regulates doctors, nursing homes, health insurance companies and others, and was last updated in 2013.
US Deputy National Security Advisor Anne Neuberger estimated the cost of implementing the requirements at “$9 billion in the first year, and $6 billion over the second to five years”, according to Reuters. The proposal is to be published in the Federal Register on 6th January. That will trigger a 60-day public comment period before a final rule is set.