US hospitals will be required to meet basic cybersecurity standards before receiving federal funding, according to rules the White House is expected to propose in the next few weeks.
Citing an unnamed government official, this Messenger report says the proposed rules will focus on “those key cybersecurity practices that we really do believe bring a meaningful impact.”
When asked about the draft rules, a CMS spokesperson directed The Register to a concept paper published in December that outlines the Department of Health and Human Services’ (HHS) cybersecurity strategy.
According to the HHS paper [PDF], officials will propose new, enforceable security standards, and will work with Congress to administer financial support and incentives for hospitals to implement “high-impact cybersecurity practices,” among other actions.
Last year alone, at least 46 US hospital corporations with a total of 141 facilities between them were hit by ransomware infections, and at least 32 of these networks had protected health information and other patient data stolen during the intrusions, according to Emsisoft.
In addition to stealing hospitals’ data, criminals are also using increasingly nasty extortion tactics to put pressure on health care execs to pay ransoms.
The original article contains 431 words, the summary contains 190 words. Saved 56%. I’m a bot and I’m open source!