Home Biden administration to introduce cybersecurity requirements for hospitals

Biden administration to introduce cybersecurity requirements for hospitals

The Biden administration is set to unveil new cybersecurity requirements for hospitals, as per a recent report by The Messenger. These forthcoming regulations aim to fortify digital defenses in healthcare facilities, ensuring federal funding is contingent on the implementation of basic security measures.

The Centers for Medicare & Medicaid Services, a branch of the Department of Health and Human Services, is expected to propose these rules within the next month. These regulations will mandate hospitals to establish fundamental digital security protocols to qualify for federal funding. A senior administration official, speaking on the condition of anonymity, indicated that these requirements are anticipated to be enforced before the year’s end.

Hospitals have long been prime targets for cybercriminals due to their reliance on technology for both administrative and medical purposes. Recent incidents, such as the cyberattack on Tennessee-based Ardent Health Services, have highlighted the vulnerabilities in the healthcare system. These attacks have led to the diversion of ambulances, rescheduling of procedures, and even the cancellation of surgeries, underscoring the critical need for enhanced cybersecurity measures.

Striking a balance: Cybersecurity and healthcare operations

In response to these growing threats, the Biden administration has been actively deliberating on strategies to improve security standards in the healthcare industry. The new cyber rules will add to the extensive list of requirements hospitals must meet to receive reimbursement from Medicare and Medicaid programs.

Key elements of the new requirements include the implementation of multi-factor authentication and the establishment of a program to promptly address software vulnerabilities. These basic security practices are expected to significantly mitigate the risk of cyber incidents.

This move by the Biden administration marks a shift in the government’s approach to cybersecurity. Traditionally, the government has refrained from imposing specific cybersecurity mandates on critical industries. However, the administration has recently adopted a more proactive stance. Following the May 2021 Colonial Pipeline ransomware attack, the Transportation Security Administration introduced cyber rules for pipeline operators, which later influenced similar regulations for the aviation and rail industries.

Health and Human Services is now set to follow TSA’s lead with its own set of cybersecurity rules for hospitals. While some requirements will be clearly defined, others will offer more flexibility, allowing hospitals to tailor certain aspects, such as the timeframe for software patches, to their specific needs.

The administration anticipates negotiations during the public comment period following the rule’s release. Drawing from the TSA experience, the official noted that starting with more prescriptive requirements could facilitate easier adjustments based on industry feedback.

The reaction of the hospital industry to these impending rules remains uncertain. The American Hospital Association previously criticized the government’s plan to link cybersecurity requirements to federal funding. HHS has not yet commented on the potential for legal challenges to these new regulations.

This development could potentially lead to a standoff between the Biden administration and the hospital industry, reminiscent of the Environmental Protection Agency’s withdrawal of cybersecurity rules for water facilities following legal challenges. As the administration gears up to implement these critical cybersecurity measures, the healthcare sector braces for impactful changes in its operational landscape.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Maxwell Nelson
Tech Journalist

Maxwell Nelson, a seasoned journalist and content strategist, has contributed to industry-leading platforms, weaving complex narratives into insightful articles that resonate with a broad readership.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.