The US Department of Health and Human Services’ (HHS) Office for Civil Rights has proposed new requirements to enhance cybersecurity practices in healthcare organizations. These requirements include multifactor authentication, data encryption, vulnerability scans, and anti-malware protection for systems handling sensitive information. Additionally, network segmentation, data backup controls, and yearly compliance audits would be mandatory.
HHS has released a fact sheet detailing the proposal to update the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. A 60-day public comment period will open soon to gather feedback on the plan. According to US deputy national security advisor Anne Neuberger, the implementation of these measures is estimated to cost $9 billion.
2024-12-28 17:09:33
Original article from www.engadget.com