Senator Ron Wyden has urged the U.S. Department of Health and Human Services (HHS) to implement stricter cybersecurity regulations for the healthcare sector. He criticized HHS for its current approach, which relies on the sector’s self-regulation, arguing that it has failed to prevent major attacks such as the Change Healthcare ransomware incident. Wyden believes that HHS must take decisive, enforceable steps to improve cybersecurity practices among large healthcare providers to better protect patient information and ensure system resilience.
Wyden has specifically called for the establishment of minimum technical cybersecurity standards for systemically important entities (SIEs), such as large health systems and clearinghouses. He emphasized the need for these entities to meet resiliency requirements, including the capability to rebuild their IT infrastructure within 48 to 72 hours if compromised. Additionally, Wyden advocates for periodic HIPAA audits to focus on cybersecurity practices and suggests leveraging existing programs to provide technical assistance to healthcare providers with limited resources.
While some experts agree with Wyden’s focus on improving healthcare cybersecurity, they argue that new regulations might not be the most effective solution. They point out that technology evolves rapidly, and setting rigid minimum standards could become outdated quickly. Furthermore, the suggestion to rebuild IT infrastructure within a short timeframe is seen as unrealistic and potentially financially burdensome for healthcare providers already struggling with tight budgets.
Wyden’s push for enhanced cybersecurity measures comes in the wake of a significant cyberattack on Change Healthcare, which disrupted services for thousands of healthcare providers. His call for action includes not only stricter regulations but also better technical assistance to improve cybersecurity defenses. Despite some skepticism about the feasibility of certain measures, his proposals highlight the urgent need for robust security practices in the healthcare sector.
Reference: