US seeks to establish minimum cyber requirements for healthcare

The US government reportedly has plans to develop a minimum cyber security standard that healthcare organisations and services will have to meet.

Daniel Croft
Tue, 12 Dec 2023
Speaking at the Aspen Security Forum, US deputy national security adviser for cyber and emerging technologies Anne Neuberger said that in light of recent hospital attacks that were the result of a known vulnerability, the government is planning to introduce new requirements.

“[The government] … recognises that we need to put in place requirements so every sector does the basics,” she said.

“For example, I think reports are that for the very significant recent hospital attacks, the particular vulnerability that was exploited was on the government’s known exploited vulnerability catalogue for four weeks by that time.

“We’re working very closely with the HHS and the Centre for Medicare and Medicaid to put in place those minimum practices for health care.”

While Neuberger didn’t specify the vulnerability, a number of hospitals and healthcare organisations faced outages as a result of a Citrix Bleed vulnerability in the last two months, leading to the US Department of Health and Human Services (HHS) warning hospitals to patch the issue immediately.

Outside of what Neuberger revealed, details of the US government’s plans to introduce minimum cyber security requirements are yet to be fleshed out publicly.

The announcement by Neuberger comes as the HHS has released a new paper outlining how it plans to support the cyber security of the healthcare industry.

Following the discovery by the HHS Office for Civil Rights that the number of large reported breaches had increased 93 per cent between 2018 and 2022, and the number involving ransomware had increased 278 per cent, the HHS listed several steps it will follow to “advance cyber resiliency in the healthcare centre”.

For starters, it plans to “establish voluntary cyber security goals for the sector”, which will see it outline “essential” and “enhanced” goals that it recommends healthcare organisations follow.

It also plans to implement an HHS-wide strategy to support accountability and enforcement, provide resources for the implementation of cyber security practices and further bolster the “one-stop shop” for healthcare cyber security support.

“A one-stop shop will enhance coordination within HHS and the federal government, deepen government’s partnership with industry, increase HHS’s incident response capabilities, and promote greater uptake of government services and resources such as technical assistance, vulnerability scanning, and more,” it wrote.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
