Uncle Sam tells hospitals: Meet security standards or no federal dollars for you

2024-01-10 20:32

US hospitals will be required to meet basic cybersecurity standards before receiving federal funding, according to rules the White House is expected to propose in the next few weeks.

The Centers for Medicare and Medicaid Services, an arm of the US Department of Health and Human Services, is reportedly drawing up rules connecting hospital IT security with funding, which are set to take effect before the end of the year.

Citing an unnamed government official, this Messenger report says the proposed rules will focus on "Those key cybersecurity practices that we really do believe bring a meaningful impact." And federal funding will hinge on hospitals enacting these basic network defenses.

According to the HHS paper [PDF], officials will propose new, enforceable security standards, and will work with Congress to administer financial support and incentives for hospitals to implement "High-impact cybersecurity practices," among other actions.

While no one is going to argue against improving hospitals' security posture, cutting off their funding may not help the situation, according to some.

"Denying funding to hospitals doesn't seem like the best way to help them improve their security," Emsisoft Threat Analyst Brett Callow told The Register.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/01/10/us_hospitals_security_rules/

#hospital #security