National Security Adviser: White House to Propose Cybersecurity Standards for Hospitals, Other Entities

The White House is proposing to require hospitals and other health care entities that receive Medicare and Medicaid funding to meet minimum cybersecurity standards.

Anne Neuberger, deputy national security adviser for cyber and emerging technology and a past Wash100 awardee, and an unnamed U.S. official revealed the enforcement plan, following a recent cyberattack on Change Healthcare that exposed the data of millions of Americans and delayed payments to medical providers worth billions of dollars, Bloomberg reported.

Apart from the Change incident, Ascension, a nonprofit hospital chain, also reported a disruption of its operations due to a network systems breach, further showing the vulnerability of the U.S. health care industry.

Meanwhile, the American Hospital Association opposes mandatory cybersecurity standards, arguing that it would drain resources from hospitals. 

The association advocates for a sector-wide approach to cybersecurity and intends to continue collaborating with policymakers to develop strategies that comprehensively address the critical infrastructure of the health care sector.

As part of the response, the Biden administration also plans to provide free cybersecurity training to 1,400 small and rural hospitals nationwide.

While Neuberger did not give a specific timeline for the initiative, a notice of proposed rulemaking will reportedly be issued in the coming weeks, which will be followed by a public comment period.