The Biden administration plans to introduce cybersecurity mandates for hospitals that would be accompanied by free training for smaller facilities, Bloomberg reported.
"We look to put in place minimum cybersecurity standards for hospitals in the near term," Anne Neuberger, deputy national security advisor for cyber and emerging technology, told the news outlet May 9.
The proposed rule could apply to all organizations that receive Medicare or Medicaid funding and would be followed by a public comment period, according to the story. The White House intends to offer the free training to 1,400 small, rural hospitals in the coming weeks.
The plans follow unceasing cyberattacks on the healthcare industry, including the February hack of Change Healthcare, which crippled claims processing for large swaths of the country and potentially breached the data of 1 in 3 Americans. St. Louis-based Ascension, the nation's second-largest nonprofit health system with 140 hospitals, was hit with a "cybersecurity incident" May 8 that has caused IT outages, ambulance diversions and canceled appointments across the U.S.
The American Hospital Association has long opposed cybersecurity requirements for hospitals, saying any fines or CMS reimbursement cuts would impinge on health systems' ability to fight hacks.
"The primary source of cyber-risk exposure facing the healthcare sector originates from vulnerabilities in third-party technology and service providers, not a hospital's primary systems," the association told Bloomberg. "The AHA supports a sectorwide approach to cyber-resiliency. We will continue to work with policymakers on an approach that doesn't result in unfunded mandates and a focus on the entire critical infrastructure of the healthcare sector."