Link: The US proposes rules to make healthcare data more secure

The US Department of Health and Human Services (HHS) is introducing new cybersecurity rules to safeguard patient data against cyberattacks. This follows major incidents, including a breach affecting over 100 million UnitedHealth patients.

The proposed regulations require multifactor authentication, network segmentation, and encryption of patient data. These measures will help ensure data remains secure, even if stolen.

Additional guidelines include performing periodic risk analyses and maintaining compliance documentation. The aim is to improve overall cybersecurity readiness within healthcare entities.

The updates will revise the Security Rule under the Health Insurance Portability and Accountability Act (HIPAA) of 1996. This marks the first major change since 2013 and extends to various healthcare providers and insurers.

US Deputy National Security Advisor Anne Neuberger estimates the costs for implementing these measures will be approximately $9 billion initially, followed by $6 billion over the next four years.

The proposed rule is slated for publication in the Federal Register on January 6th, starting a 60-day public comment period before finalization. #

--

Yoooo, this is a quick note on a link that made me go, WTF? Find all past links here.