Proposed US Bill Mandates MFA and Cybersecurity Standards for Healthcare

New US legislation proposes MFA and stricter cybersecurity standards for healthcare to safeguard sensitive data and improve breach response.


A bipartisan group of US senators has introduced new legislation aimed at strengthening cybersecurity in American hospitals and healthcare organizations. The Health Care Cybersecurity and Resiliency Act of 2024 seeks to mandate the adoption of multi-factor authentication (MFA) and establish minimum cybersecurity standards to protect sensitive health information and ensure system resilience against cyberattacks. 

The proposed law, unveiled by Senators Bill Cassidy (R-Louisiana), Mark Warner (D-Virginia), John Cornyn (R-Texas), and Maggie Hassan (D-New Hampshire), aims to improve coordination between the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA). Under this legislation, HHS would have a year to develop a comprehensive cybersecurity incident response plan and update the breach reporting portal with additional transparency requirements. 

Healthcare entities classified as “covered entities” under HIPAA are already obligated to report breaches to HHS. The bill would expand those reporting requirements so that the breach portal also lists the number of individuals affected by each breach, the corrective actions taken, and whether recognized security practices were considered during the investigation; the HHS secretary would have discretion to add further fields to the portal as needed. Beyond requiring MFA and the encryption of protected health information (PHI), the bill sets out broader cybersecurity mandates: covered entities and their business associates would have to meet minimum standards defined by HHS, undergo regular audits, and perform penetration testing to validate their security controls.

Senator Cassidy, a medical doctor and ranking member of the Senate Health, Education, Labor, and Pensions (HELP) Committee, underscored the urgency of this legislation. “Cyberattacks on our healthcare sector not only put patients’ sensitive health data at risk but can delay life-saving care,” Cassidy emphasized. The devastating impact of cyberattacks on healthcare was exemplified earlier this year when a ransomware gang targeted Change Healthcare, compromising sensitive health data from approximately 100 million individuals. 

The attack disrupted healthcare services nationwide and cost the UnitedHealth-owned company over $2 billion in remediation efforts, taking nine months to restore its operations. This high-profile incident spurred additional legislative action. Senators Warner and Ron Wyden (D-Oregon) proposed another bill earlier this year to establish mandatory minimum cybersecurity standards for healthcare providers and related organizations. 

If enacted, the Health Care Cybersecurity and Resiliency Act would mark a significant step in fortifying the healthcare sector’s defenses against cyber threats, ensuring the security of patient data and the continuity of critical healthcare services.