iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
The US government reportedly has plans to develop a minimum cyber security standard that healthcare organisations and services will have to meet.
Speaking at the Aspen Security forum, US deputy national security adviser for cyber and emerging technologies Anne Neuberger said that in light of recent hospital attacks that were the result of a known vulnerability, the government is planning to introduce new requirements.
“[The government] … recognises that we need to put in place requirements so every sector does the basics,” she said.
“For example, I think reports are that for the very significant recent hospital attacks, the particular vulnerability that was exploited was on the government’s known exploited vulnerability catalogue for four weeks by that time.
“We’re working very closely with the HHS and the Centre for Medicare and Medicaid to put in place those minimum practices for health care.”
While Neuberger didn’t specify the vulnerability, a number of hospitals and healthcare organisations faced outages as a result of a Citrix Bleed vulnerability in the last two months, leading to the US Department of Health and Human Services (HHS) warning hospitals to patch the issue immediately.
Outside of what Neuberger revealed, details of the US government’s plans to introduce minimum cyber security requirements are yet to be fleshed out publicly.
The announcement by Neuberger comes as the HHS has released a new paper outlining how it plans to support the cyber security of the healthcare industry.
Following the discovery by the HHS Office for Civil Rights that the number of large reported breaches had increased 93 per cent between 2018 and 2022, and the number involving ransomware had increased 278 per cent, the HHS listed several steps it will follow to “advance cyber resiliency in the healthcare centre.
For starters, it plans to “establish voluntary cyber security goals for the sector”, which will see it outline “essential” and “enhanced” goals that it recommends healthcare organisations follow.
It also plans to implement an HHS-wide strategy to support accountability and enforcement, provide resources for the implementation of cyber security practices and further bolster the “one-stop shop” for healthcare cyber security support.
“A one-stop shop will enhance coordination within HHS and the federal government, deepen government’s partnership with industry, increase HHS’s incident response capabilities, and promote greater uptake of government services and resources such as technical assistance, vulnerability scanning, and more,” it wrote.
Be the first to hear the latest developments in the cyber industry.
