The U.S. government is reportedly set to propose new rules requiring hospitals to adhere to basic cybersecurity standards to qualify for federal funding.
The Register reports that the U.S. government, in an effort to counter the increasing cyber threats facing healthcare institutions, is set to implement new rules that link federal funding for hospitals to their adherence to basic cybersecurity standards. This initiative, led by the White House, is being formulated in response to the ongoing issue of ransomware attacks and other cybercriminal activities that continue to target hospitals and health clinics nationwide.
When asked for comment on the initiative, a spokesperson for the Centers for Medicare and Medicaid Services (CMS) – a U.S. government body – told The Register: “One of the key action areas is increasing accountability and coordination within the health care sector. CMS values feedback from stakeholders and continues to consider how to improve cybersecurity most effectively across the health care sector. CMS does not comment on the substance of policies before they are proposed.”
Breitbart News has previously reported on the increasing number of ransomware attacks in recent years across a broad spectrum of industries.
Many of the targets were hospital systems. St. Margaret’s Health in Spring Valley, Illinois, was forced to shut down for good, partially due to a disastrous ransomware attack in 2021. This is the first instance in which a hospital has openly attributed a cyberattack to its closure.
Last year, at least 46 U.S. hospital corporations, which operate a total of 141 facilities, were hit by ransomware attacks. In at least 32 of these cases, protected health information and other patient data was stolen during the hacks. This data theft not only compromises patient privacy but also significantly hampers hospital operations – which is one of the reasons they’re targeted by criminals so frequently. Hospitals are more likely to pay out ransoms in these cases as they need their systems operational as quickly as possible to continue helping patients.
Cybercriminals have also begun resorting to increasingly invasive methods to extort money from healthcare institutions. These tactics have evolved beyond data theft to more personal methods like emailing patients directly, threatening to sell their health records, leaking sensitive information such as nude photos of breast cancer patients, and even resorting to threats of physical harm against hospital patients.
However, some experts, like Emsisoft Threat Analyst Brett Callow, have expressed concerns that denying funding to hospitals that fail to meet these standards might be counterproductive.”Denying funding to hospitals doesn’t seem like the best way to help them improve their security,” Callow said. “In fact, it may do the exact opposite.”