The Biden administration is looking to introduce a policy that will require US hospitals to meet a certain level of digital security, including multi-factor authentication, in order to secure federal funding.
A number of attacks in recent months have severely impacted hospitals, forcing ambulances to be diverted and non-urgent procedures to be rescheduled.
Hospitals are already bound by a number of requirements relating to building construction, security and how patients are treated in order to secure funding.
Basic cyber hygiene
Hospitals are lucrative targets for ransomware attacks due to the sensitivity and amount of data stored on their systems, and often lack the robust security structure needed to keep cybercriminals out of their systems. The increasing complexity and number of network enabled devices used in medical procedures and patient care increases the vulnerability of hospitals to cyber attacks.
That’s why establishing this basic level of cyber security as a prerequisite for federal funding is seen as a necessary step in preventing cyber attacks against hospitals. Introducing measures such as multi-factor authentication to hospital devices alongside software update timelines can stem the flow of attacks.
An anonymous senior administration official told The Messenger that the government is “homing in on those key cybersecurity practices that we really do believe bring a meaningful impact.” It is expected that this policy will come into effect at some point this year.
The rules for basic cybersecurity are to be proposed in the near future by the Centers for Medicare & Medicaid Services, and will hopefully work in combination with the International Counter-Ransomware Initiative’s pledge of non-payment to ransomware attacks that target government institutions.
Recent studies have shown that cyber attacks on hospitals can have real-world effects on patient health, with a 2022 study finding that some hospitals reported an increase in patient mortality following cyber attacks on IoT devices.
More from TechRadar Pro
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Benedict Collins is a Staff Writer at TechRadar Pro covering privacy and security. Before settling into journalism he worked as a Livestream Production Manager, covering games in the National Ice Hockey League for 5 years and contributing heavily to the advancement of livestreaming within the league. Benedict is mainly focused on security issues such as phishing, malware, and cyber criminal activity, but he also likes to draw on his knowledge of geopolitics and international relations to understand the motives and consequences of state-sponsored cyber attacks.
He has a MA in Security, Intelligence and Diplomacy, alongside a BA in Politics with Journalism, both from the University of Buckingham. His masters dissertation, titled 'Arms sales as a foreign policy tool,' argues that the export of weapon systems has been an integral part of the diplomatic toolkit used by the US, Russia and China since 1945. Benedict has also written about NATO's role in the era of hybrid warfare, the influence of interest groups on US foreign policy, and how reputational insecurity can contribute to the misuse of intelligence.
Outside of work Ben follows many sports; most notably ice hockey and rugby. When not running or climbing, Ben can most often be found deep in the shrubbery of a pub garden.