Facing a surge in cyberattacks, the US government proposes significant changes to HIPAA regulations. The proposed rules aim to enhance healthcare cybersecurity by mandating modern security measures like multi-factor authentication and data encryption.
 |
| The US Department of Health and Human Services proposes major updates to the HIPAA Security Rule, including mandatory multi-factor authentication, data encryption, and regular vulnerability scans, to better protect patient data from cyberattacks. Image: Collected |
Washington, USA - December 29, 2024:
The US Department of Health and Human Services (HHS) has proposed significant updates to the HIPAA Security Rule, aiming to strengthen the protection of patient data within the healthcare sector. The proposed rules, published in the Federal Register, include a range of modern cybersecurity measures such as mandatory multi-factor authentication, data encryption, and regular vulnerability scans.
The move comes amid a surge in cyberattacks targeting healthcare organizations. In 2023 alone, over 167 million individuals were impacted by large-scale breaches, a substantial increase compared to previous years.
The HHS estimates the initial implementation cost of these measures to be around $9 billion, followed by $6 billion annually for the next four years. A 60-day public comment period is expected to begin soon, allowing stakeholders to provide feedback on the proposed changes.
This proposed overhaul of the HIPAA Security Rule reflects the growing urgency of addressing cybersecurity threats within the healthcare sector. By implementing these enhanced safeguards, healthcare organizations can better protect patient data and maintain the trust of their communities.