In a proposal posted on Friday in the Federal Register, the Office for Civil Rights of the US Department of Health and Human Services (HHS) outlined several new requirements that could improve the cybersecurity practices of healthcare organizations. The proposal, which includes requirements for multifactor authentication, data encryption, and routine vulnerability and breach scans, was posted to the Federal Register on Friday.
Furthermore, anti-malware protection for systems handling sensitive information will be mandated, network segmentation will be implemented, backup and recovery controls will be separated, and yearly audits will be conducted to ensure compliance with the law. Additionally, the new requirements will require that sensitive information systems be protected against malware, the network must be segmented, backup and recovery controls must be separate, and compliance with these requirements must be monitored annually.
Since healthcare organizations hold such sensitive data and provide critical services to society, they have become increasingly vulnerable to threat actors. As a result of this, organizations have become increasingly forced to pay large ransoms for their systems and information to continue to operate as a consequence of the attacks.
HHS’ Office for Civil Rights (OCR) has proposed strict cybersecurity rules that will be published as a final rule within 60 days, and they will be issued by the Office of Civil Rights. […]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: