The Biden administration intends to require hospitals to meet minimum cybersecurity standards after a single hack compromised the data of 100 million Americans.
In an interview Thursday at the Bloomberg Tech Summit in San Francisco, Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger said, “We are aiming to introduce it.” Neuberger did not provide a timeline on when the administration plans to implement the rule.
This proposal could extend beyond hospitals. The U.S. government will issue several notices of proposed rulemaking to implement minimum cybersecurity requirements for companies that receive Medicare and Medicaid funding, according to a U.S. official who requested anonymity to discuss the sensitive plan. It is expected to be released within the next week. There will then be a public comment period, officials said.
The announcement follows a February hack on Change Healthcare, a division of UnitedHealth Group, that cost doctors and hospitals billions of dollars, delayed patient care, and hacked three Americans. This comes after the medical data of one patient was stolen.
A breach at Change, a central node in the health care system that transmits terabytes of data for doctors, pharmacies, insurance companies and the government, shows how a single point of failure could jeopardize the national industry. The breach has plunged some clinics into financial crisis and could reduce UnitedHealth's profits by up to $1.6 billion this year.
In the early weeks of the attack, medical bills were 20% lower than normal, Neuberger said, adding, “That means we were doing 20% fewer procedures.”
Along with pushing for hospital cybersecurity regulations, the Biden administration will provide free training to 1,400 small, rural hospitals across the country, Neuberger said. She said the training would be available “in the coming weeks.”
The healthcare sector is a recurring target of criminal hackers who encrypt computer networks and steal sensitive data for extortion. On Wednesday, Ascension, one of the nation's largest Catholic hospital chains, announced it was investigating a cybersecurity incident in some of its network systems.
“Clinical operations have been disrupted and we continue to assess the impact and duration of the disruption,” Ascension said in a statement posted on its website Thursday. The nonprofit chain was investigating whether sensitive data was affected by the incident.
Ascension did not respond to requests for comment.
Earlier this month, UnitedHealth CEO Andrew Witty told U.S. lawmakers that intruders gained access through servers that lacked multi-factor authentication, a basic cybersecurity measure, and stole large amounts of health and personal data. He said he had access to the data.
In his testimony, Witty expressed openness to mandatory cybersecurity standards. But there seems to be some resistance.
The American Hospital Association, which represents health care industry interests, has previously vowed to oppose any effort to impose such a mandate, arguing that fines and Medicare payment cuts would deplete hospitals of the resources they need to prevent cyberattacks.
In response to a question from Bloomberg News about Neuberger's remarks, the association said, “The primary source of cyber risks facing the healthcare sector is not the hospital's core systems, but vulnerabilities in third-party technology and service providers.” “The AHA supports a sector-wide approach to cyber resiliency. We continue to work with policymakers to develop approaches that are unfunded and focused across health care’s critical infrastructure.”
Witty told lawmakers UnitedHealth is still trying to figure out why its computer systems were left vulnerable. The company said it would take months to assess the full extent of the breach, leaving Americans unsure what personal medical data may have been exposed, but it said it would take steps to protect patient information. He said he paid a ransom of $22 million.
Photo: Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies. Photo credit: Leigh Vogel/UPI/Bloomberg
Copyright 2024 Bloomberg.