Friday, 5 September 2025
27.6 C
Singapore
28.2 C
Thailand
23 C
Indonesia
28.2 C
Philippines

The US proposes stricter cybersecurity rules to protect healthcare data

The US proposes healthcare cybersecurity rules, including encryption and MFA, to protect patient data. The first year's cost is estimated at US$9B.

The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has proposed improving cybersecurity measures within healthcare organisations. This initiative is designed to safeguard patients’ sensitive information from the rising threat of cyberattacks. According to Reuters, the proposal follows significant breaches, including one earlier this year that exposed the private data of over 100 million UnitedHealth patients.

Protecting patient data from cyberattacks

The new rules call for several key measures to prevent breaches and mitigate the damage caused by cyberattacks. Under the proposal, healthcare providers and related organisations would be required to:

  • Implement multifactor authentication (MFA) to secure access to systems.
  • Segment their networks to prevent the spread of intrusions across systems.
  • Encrypt patient data to ensure that even stolen information remains inaccessible.

In addition, the rules mandate specific risk analysis practices, maintaining compliance documentation, and adhering to other cybersecurity protocols.

These measures form part of a larger cybersecurity strategy unveiled by the Biden administration last year. The regulations would amend the Security Rule under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) if approved. This rule, which governs entities such as doctors, nursing homes, and insurance companies, was last updated in 2013.

Significant costs but long-term benefits

While the proposed changes aim to enhance security, they come with a hefty price tag. According to Anne Neuberger, the US deputy national security advisor, the first year of implementation is estimated to cost US$9 billion, followed by US$6 billion annually for the next four years. These costs cover system upgrades, staff training, and adopting new technologies.

Healthcare providers must weigh these expenses against the potential benefits of reduced data breaches and increased patient trust. The updated framework is designed to minimise risks in an industry increasingly targeted by cybercriminals.

Public input and timeline for implementation

The OCR plans to publish the proposal in the Federal Register on January 6. This will initiate a 60-day public comment period, allowing stakeholders and members of the public to provide feedback. After the comment period ends, the final rule will be set, potentially leading to a significant shift in how healthcare organisations handle cybersecurity.

As cyberattacks become more sophisticated, the US government’s focus on strengthening protections for patient data highlights the growing need for vigilance and innovation in cybersecurity. The proposed measures, if adopted, could set a new standard for safeguarding sensitive information in the healthcare sector.

Hot this week

Designer reimagines floppy disks as SD card storage cases

Designer Ayushmaan Singh Jodha turns the classic floppy disk into a nostalgic, collectable SD card case with a practical twist.

Google denies claims of a major Gmail security issue

Google denies claims of a major Gmail security breach, reassuring users that phishing protections remain highly effective.

Amazon launches new AWS region in New Zealand

Amazon launches its first AWS infrastructure region in New Zealand, investing NZ$7.5b to boost jobs, cloud services, and sustainability.

Shoppers face conflicting advice from ChatGPT and Google’s AI tools

A study reveals that ChatGPT and Google AI frequently disagree on brand recommendations, with notable differences in transparency and citation levels.

Researchers show AI chatbots can be manipulated through persuasion

Researchers have shown that GPT-4o Mini can be manipulated with persuasion tactics, raising concerns about chatbot safety and security.

HubSpot unveils Loop Marketing playbook to drive growth in AI era

HubSpot launches Loop Marketing playbook and over 200 AI updates to help businesses grow in the era of AI search and zero-click results.

One in three Australian workers expose company data to AI platforms, Josys warns

Over a third of Australian workers upload sensitive data to AI tools, with Josys warning of rising risks from shadow AI and weak governance.

Singapore Polytechnic partners ESGpedia to strengthen sustainability efforts for local businesses

Singapore Polytechnic and ESGpedia partner to help Singapore businesses cut emissions, boost energy efficiency, and support the Green Plan 2030.

Veeam launches first software appliance for instant, secure data protection

Veeam has launched its first hardware-agnostic software appliance, offering instant, secure data protection with built-in resilience.

Related Articles

Popular Categories