No Federal Funding For US Healthcare Providers Lacking Cyber Security Defences

Giulio Saggin
Giulio Saggin
Thursday 11 January 2024
No Federal Funding For US Healthcare Providers Lacking Cyber Security Defences
Photo: Louis Reed / Unsplash

The US government is laying down the 'cyber law' for healthcare providers and will outline requirements for hospitals to establish basic digital cyber security defences ... or miss out on receiving federal funding.

The Centres for Medicare and Medicaid Services, an arm of the US Department of Health and Human Services, will reportedly set out the proposed requirements that will include two-factor authentication and maintaining a vulnerability-fixing program.

“The government is homing in on those key cybersecurity practices that we really do believe bring a meaningful impact,” said one senior administration official, who asked to remain anonymous, adding that practices like these “shut the door to most of our cyber incidents.”

The healthcare industry has long been at, or close to the top of most attacked industries, and the tough stance comes after more than 640 US healthcare data breaches took place and 91,734,000 records were stolen in the 12 months to October, 2023.

It's unsure how the hospital industry will react to the new requirements, although a fight looks likely. The American Hospital Association indicated this when they showed their disproval at the notion of tying the requirements to funding, after the Department of Health and Human Services suggested in December last year that the requirements were in the pipeline.

The new requirements are expected to take effect before the end of the year.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.


SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203