A massive data leak has forced the US to update its cybersecurity regulations in the healthcare sector

31 December 2024 2 minutes Author: Newsman

A massive healthcare data breach has prompted the US Department of Health and Human Services to update HIPAA regulations to include requirements for data encryption, multi-factor authentication and network segmentation.

The update addresses provisions of the Health Insurance Portability and Accountability Act (HIPAA), which were last amended in 2013. The new requirements require organizations handling protected health information (PHI) to encrypt data, implement multi-factor authentication, and segment their networks to make it more difficult for attackers. The update is due to an increase in the number of cyber incidents related to hacker attacks and ransomware.

Only in recent years, the number of attacks has significantly increased, from which more than 500 people have been affected. The rules will be updated within the next 60 days, according to White House deputy cybersecurity adviser Anna Neuberger. It will cost US$9 billion in the first year and more than US$6 billion over the next four years. An example of the severity of the situation is the attack on the Ascension system in May 2024, when the Black Basta ransomware stole the data of 5.6 million people, forcing doctors to work without electronic records and causing significant delays in the provision of medical services.

HIPAA was first implemented in 1996 and its security rules were last updated in 2013. Cyber ​​threats have evolved significantly over the past decade, forcing the US government to rethink its approach to data protection. The proposed update is an important step towards protecting patient data and ensuring cybersecurity in healthcare. However, its implementation will require significant resources and active cooperation between governments and health organizations.

Other related articles
News
Read more
Data leak of owners of 800,000 Volkswagen electric cars
Volkswagen has faced a major data breach that has exposed the movement of 800,000 electric vehicles and the contact details of their owners to the public. This incident raises serious questions about protecting customer privacy in today's automotive industry.
50
News
Read more
Schneider Electric data breach
Schneider Electric has again become the victim of a large-scale cyber attack. After the company refused to meet the ransom demand, the hackers put 40 GB of stolen data on the darknet. This incident underscores the importance of strengthening cybersecurity measures to protect critical infrastructure.
56
Found an error?
If you find an error, take a screenshot and send it to the bot.