Feds Making Moves to Require Baseline Cyber Standards for Hospitals

The Biden Administration announced it plans to impose minimum cybersecurity standards for hospitals in the near term, according to a Government Technology report.

Anne Neuberger, deputy national security advisor for cyber and emerging technology made the announcement during an interview at the Bloomberg Tech Summit on May 9. The Administration also intends to provide free training to 1,400 small and rural hospitals, which will be available within the next few weeks.

The Administration’s plan to enact cyber requirements for hospitals comes in response to the report that the Change Health incident led to the compromise of data tied to 100 million Americans. The announcement was made as Ascension announced all of its 140 hospitals are operating under network downtime in response to a cyberattack.

First Health Advisory supports the Federal Government’s plan to issue baseline cybersecurity requirements for hospitals, considering the heightened threat and clear impact to patient care and safety. However, it is clear in the twenty-one years since the Health Insurance Portability and Accountability Act (HIPAA)’s first effective date that “unfunded mandates” are not effective without incentives and inducements to encourage providers, of all sizes, to be able to meet those requirements. These baseline requirements are about nothing less than the care and safety of every American.

Many hospitals are operating in the red and will need support to bring their systems into a more mature cyber posture. As such, we’re encouraged to see the announcement that the Administration will also offer free training to these entities. Healthcare is only as strong as its weakest link, and we can all benefit from working together to solve these challenges.

The Change Health and Ascension incidents reaffirm what industry stakeholders have long warned: all of healthcare is at risk of falling victim to the inevitable cyberattack, even with all of the right measures, cyber budgets, and tools. These serious disruptions cause patient safety risks on a broad scale.

It’s time for action from hospital leadership, as well as Congress and the Administration, to help secure healthcare.