The White House has announced plans to update the Health Insurance Portability and Accountability Act (HIPAA) with new cybersecurity regulations aimed at protecting healthcare institutions’ sensitive user data. The proposed rules, set to be published in the Federal Register for public comment, would require entities handling healthcare information to encrypt data, monitor networks for threats, and conduct compliance checks.
The 20-year-old HIPAA Security Rule has been revised only once before, in 2013. Deputy National Security Adviser Anne Neuberger says the update is necessary because of an increase in healthcare data breaches over five years, including the recent ransomware attacks on Change Healthcare and Ascension hospital networks, which resulted in significant losses.
The new regulations would add clarity and specificity about cybersecurity to HIPAA, with an estimated implementation cost of $9 billion in the first year and $6 billion annually for years two to five. The White House believes that the potential consequences of not acting quickly enough are too severe, including endangering patient safety and critical infrastructure.
The update follows a 2024 healthcare data breach that exposed sensitive information from over 100 million people. The proposed rules have been backed by members of Congress who are concerned about the continued shutdowns of hospitals due to ransomware attacks.
Source: https://therecord.media/hipaa-cybersecurity-regulations-update