Significantly increased prevalence of major data breaches and ransomware attacks in healthcare between 2018 and 2022 have prompted the Department of Health and Human Services to unveil a new cybersecurity strategy for the sector that involves increased cybersecurity funding and enforcement, FierceHealthcare reports.
Aside from creating voluntary healthcare cybersecurity goals aimed at streamlining various security standards, the HHS will also be working with Congress to incentivize healthcare providers conducting short- and long-term cybersecurity improvements, as well as establish new cybersecurity requirements that would entail larger penalties for those that fail to adhere to the HIPAA Security Rule. HHS will also move to strengthen its Administration of Strategic Preparedness and Response under the new strategy.
"HHS is working with healthcare and public health partners to bolster our cybersecurity capabilities nationwide. We are taking necessary actions that will make a big difference for the hospitals, patients and communities who are being impacted," said HHS Secretary Xavier Becerra.
BleepingComputer reports vulnerable ConnectWise ScreenConnect servers impacted by the CVE-2024-1708 and CVE-2024-1709 flaws were observed by Sophos X-Ops researchers to have been subjected to numerous LockBit ransomware attacks since Feb. 21 .