There is a new pair of sheriffs in town, and they are looking to make sure that the healthcare industry is dotting its i’s and crossing its t’s when it comes to cybersecurity.
Last week, Democratic senators Ron Wyden and Mark Warner introduced the Health Infrastructure Security and Accountability Act, a bill that would require the Department of Health and Human Services (HHS) to develop a set of minimum cybersecurity standards for healthcare providers, health plans, clearinghouses, and business associates.
“With hacks already targeting institutions across the country, it’s time to go beyond voluntary standards and ensure healthcare providers and vendors get serious about cybersecurity and patient safety,” Sen. Warner said in a statement accompanying the announcement of the bill.
The proposed bill would also require the HHS to audit the data security practices of 20 companies per year and eliminate statutory caps on the agency’s fining authority in hopes that larger fines could deter bad cybersecurity practices.
The worst of times. The new bill comes roughly seven months after Change Healthcare, one of the largest health payment processing companies in the world, was a victim of a ransomware attack that sent ripples of destruction through the healthcare industry. The February incident against the healthcare technology company, owned by UnitedHealth Group, has been regarded as one of the “most significant cyberattacks on the US healthcare system in American history,” as reported by Healthcare Brew.
“Mega-corporations like UnitedHealth are flunking Cybersecurity 101, and American families are suffering as a result,” Wyden said in a statement.
The bill also comes at a time when the healthcare industry continues to have a large target on its back for cybercrime. IT Brew previously reported that 121 ransomware incidents impacted the US healthcare sector from January to June of this year alone.
The two senators hope that the legislation will prepare the healthcare sector to combat future incidents.
“These common sense reforms, which include jail time for CEOs that lie to the government about their cybersecurity, will set a course to beef up cybersecurity among healthcare companies across the nation and stem the tide of cyberattacks that threaten to cripple the American health care system,” Sen. Wyden said.