The Biden administration is planning to implement a policy mandating that US hospitals achieve a specific standard of digital security, such as multi-factor authentication, to be eligible for federal funds. This move comes in response to several recent cyber attacks on hospitals, which have caused significant disruptions, including the diversion of ambulances and rescheduling of non-urgent medical procedures.
To receive federal funding, hospitals are already required to comply with various standards related to building construction, security, and patient care. Given the high value of the data hospitals hold and their often inadequate cybersecurity infrastructure, these institutions are prime targets for ransomware attacks. The increasing use of network-enabled devices in healthcare further heightens their vulnerability.
This new baseline for cybersecurity, which is considered vital for protecting hospitals from cyber threats, will be a condition for federal funding. Implementing safeguards like multi-factor authentication and regular software updates is seen as crucial in reducing these cyber risks.
A senior official from the administration, who chose to remain unnamed, informed The Messenger about the government’s focus on critical cybersecurity practices expected to have a significant impact. The policy is anticipated to be enacted sometime this year.
The Centers for Medicare & Medicaid Services will soon propose these cybersecurity standards, aiming to work in tandem with the International Counter-Ransomware Initiative’s commitment to not pay ransom in attacks targeting government bodies.
Recent research highlights the tangible impact of cyber attacks on patient health in hospitals. A study from 2022 revealed an increase in patient mortality rates in some hospitals following cyber attacks on Internet of Things (IoT) devices.