Jonathan Greig reports:
Hospitals and other healthcare businesses would be required to adopt minimum cybersecurity standards and face annual audits under new legislation introduced by two prominent senators on Thursday.
The Health Infrastructure Security and Accountability Act, announced by Sens. Ron Wyden (D-OR) and Mark Warner (D-VA), would provide $1.3 billion for the Department of Health and Human Services (HHS) to support hospitals and create “serious accountability” for companies that fail to meet cybersecurity standards.
Read more at The Record.
“Serious accountability” is certainly in order. Since 2009, HHS OCR has taken enforcement action in only four ransomware cases — the most recent was a 2017 incident announced this week. DataBreaches has frequently lamented the relatively low rate of Security Rule enforcement cases, even though this site understood some of the financial constraints HHS OCR faced due to lack of resources.
DataBreaches hopes this legislation will not only give HHS OCR greater resources but also mandate that they do more to audit entities and enforce violations of the HIPAA Security Rule.