More stringent cybersecurity rules were noted by Deputy National Security Adviser for Cyber and Emerging Technologies Anne Neuberger to be considered under a new version of the Health Insurance Portability and Accountability Act, which has been deemed crucial following the significant ransomware intrusions against Change Healthcare and Ascension Health this year, reports The Record, a news site by cybersecurity firm Recorded Future.
Under a draft of the updated HIPAA poised to be released by the Department of Health and Human Services, healthcare organizations across the U.S. would be mandated to encrypt stored data, as well as conduct network monitoring and HIPAA compliance checks, according to Neuberger.
"The cost of not acting is not only high, it also endangers critical infrastructure and patient safety, and it carries other harmful consequences," said Neuberger, while justifying the need for nearly $9 billion to adopt the new rules in the first year and another $6 billion yearly between the second and fifth years of implementation.