Biden Administration Proposes Stricter Cybersecurity Rules for Healthcare Data Protection

The Biden administration has unveiled a proposal to strengthen cybersecurity requirements for healthcare organizations, aiming to mitigate the impact of data breaches like those targeting Ascension and UnitedHealth.

Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, highlighted the urgent need for these measures, citing cyberattacks that exposed the sensitive healthcare data of over 167 million Americans in 2023. The proposed regulations emphasize encrypting healthcare data to render it inaccessible if leaked and implementing regular compliance checks to ensure adherence to cybersecurity standards.

The detailed proposed rule was published in the Federal Register, with a summary provided by the Department of Health and Human Services (HHS) on its website. If adopted, the rule would update HIPAA (Health Insurance Portability and Accountability Act) standards, with an estimated cost of $9 billion in the first year and $6 billion annually for the following four years.

According to Neuberger, hacking and ransomware incidents in healthcare have surged by 89% and 102%, respectively, since 2019. Hospitals have faced operational disruptions, while leaked healthcare data, including mental health records, has appeared on the dark web, raising concerns about potential blackmail.

An Office for Civil Rights spokesperson stated that these proposals aim to significantly enhance cybersecurity and protect Americans’ health information. The public will have 60 days to provide feedback before the rules are finalized.