US hospitals will be required to meet basic cybersecurity standards before receiving federal funding, according to rules the White House is expected to propose in the next few weeks.
This comes as hospitals and health clinics nationwide continue to be menaced by ransomware, and cybercrims resort to diabolical tactics to make victims pay up.
The Centers for Medicare and Medicaid Services, an arm of the US Department of Health and Human Services, is reportedly drawing up rules connecting hospital IT security with funding, which are set to take effect before the end of the year.
When asked about the draft rules, a CMS spokesperson directed The Register to a concept paper published in December that outlines the Department of Health and Human Services' cybersecurity strategy.
Last year alone, at least 46 US hospital corporations with a total of 141 facilities between them were hit by ransomware infections, and at least 32 of these networks had protected health information and other patient data stolen during the intrusions, according to Emsisoft.
For comparison: There were 25 of these affected hospital systems in 2022, the infosec biz says.
In addition to stealing hospitals' data, criminals are also using increasingly nasty extortion tactics to put pressure on health care execs to pay ransoms.
This includes emailing patients directly and threatening to sell their health records, leaking breast cancer patients' nudes, and even threatening to swat hospital patients.
While no one is going to argue against improving hospitals' security posture, cutting off their funding may not help the situation, according to some.
The Register's journalists debated the issue in this week's Kettle recording.
This article was published on go.theregister.com. Publication date: Wed, 10 Jan 2024 21:13:05 +0000