The US government is laying down the 'cyber law' for healthcare providers and will outline requirements for hospitals to establish basic digital cyber security defences ... or miss out on receiving federal funding.
The Centers for Medicare and Medicaid Services, an arm of the US Department of Health and Human Services, will reportedly set out the proposed requirements, which will include two-factor authentication and maintaining a vulnerability-fixing program.
“The government is homing in on those key cybersecurity practices that we really do believe bring a meaningful impact,” said one senior administration official, who asked to remain anonymous, adding that practices like these “shut the door to most of our cyber incidents.”
The healthcare industry has long been at, or close to, the top of the list of most attacked industries, and the tough stance comes after more than 640 US healthcare data breaches took place and 91,734,000 records were stolen in the 12 months to October 2023.
It is unclear how the hospital industry will react to the new requirements, although a fight looks likely. The American Hospital Association indicated as much when it voiced its disapproval of the notion of tying the requirements to funding, after the Department of Health and Human Services suggested in December last year that the requirements were in the pipeline.
The new requirements are expected to take effect before the end of the year.