Friday, 19 September 2025
28.2 C
Singapore
28.5 C
Thailand
19.7 C
Indonesia
28.5 C
Philippines

The US proposes stricter cybersecurity rules to protect healthcare data

The US proposes healthcare cybersecurity rules, including encryption and MFA, to protect patient data. The first year's cost is estimated at US$9B.

The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has proposed improving cybersecurity measures within healthcare organisations. This initiative is designed to safeguard patients’ sensitive information from the rising threat of cyberattacks. According to Reuters, the proposal follows significant breaches, including one earlier this year that exposed the private data of over 100 million UnitedHealth patients.

Protecting patient data from cyberattacks

The new rules call for several key measures to prevent breaches and mitigate the damage caused by cyberattacks. Under the proposal, healthcare providers and related organisations would be required to:

  • Implement multifactor authentication (MFA) to secure access to systems.
  • Segment their networks to prevent the spread of intrusions across systems.
  • Encrypt patient data to ensure that even stolen information remains inaccessible.

In addition, the rules mandate specific risk analysis practices, maintaining compliance documentation, and adhering to other cybersecurity protocols.

These measures form part of a larger cybersecurity strategy unveiled by the Biden administration last year. The regulations would amend the Security Rule under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) if approved. This rule, which governs entities such as doctors, nursing homes, and insurance companies, was last updated in 2013.

Significant costs but long-term benefits

While the proposed changes aim to enhance security, they come with a hefty price tag. According to Anne Neuberger, the US deputy national security advisor, the first year of implementation is estimated to cost US$9 billion, followed by US$6 billion annually for the next four years. These costs cover system upgrades, staff training, and adopting new technologies.

Healthcare providers must weigh these expenses against the potential benefits of reduced data breaches and increased patient trust. The updated framework is designed to minimise risks in an industry increasingly targeted by cybercriminals.

Public input and timeline for implementation

The OCR plans to publish the proposal in the Federal Register on January 6. This will initiate a 60-day public comment period, allowing stakeholders and members of the public to provide feedback. After the comment period ends, the final rule will be set, potentially leading to a significant shift in how healthcare organisations handle cybersecurity.

As cyberattacks become more sophisticated, the US government’s focus on strengthening protections for patient data highlights the growing need for vigilance and innovation in cybersecurity. The proposed measures, if adopted, could set a new standard for safeguarding sensitive information in the healthcare sector.

Hot this week

Google search ranking data disrupted after removal of 100 results per page

Google’s removal of 100 results per page has disrupted ranking data in Search Console and third-party tools, leaving metrics unreliable.

Borderlands 4 launches in Singapore with exclusive pop-up event

Borderlands 4 launches worldwide with a Singapore pop-up event, featuring local artist collaborations and NVIDIA promotions.

New Relic study shows IT outages cost Southeast Asian firms up to US$165.5 million a year

A New Relic report finds IT outages cost Southeast Asian firms up to US$165.5m yearly, with AI driving demand for observability.

Singapore ranks 5th in the 2025 Global Innovation Index

Singapore climbed to 5th in the 2025 Global Innovation Index, rising two spots in innovation outputs for its best ranking in over a decade.

Xiaomi teases Xiaomi 17 series ahead of Snapdragon Summit

Xiaomi teases Xiaomi 17 series with Pro and Pro Max models, likely to launch at Qualcomm’s Snapdragon Summit in late September.

Steam to end Windows 32-bit support in 2026

Steam will end support for 32-bit Windows on 1 January 2026, continuing only with 64-bit Windows 10 and 11.

Google to use hashes to remove non-consensual intimate imagery from search

Google partners with StopNCII to remove non-consensual intimate images from search using unique hashes.

You can turn off iOS 26 full-screen screenshot previews

Learn how to turn off iOS 26 full-screen screenshot previews while keeping editing tools accessible.

Anker recalls over 481,000 power banks after fire incidents

Anker recalls over 481,000 power banks after reports of fires, offering refunds and gift cards to affected consumers.

Related Articles

Popular Categories