The US Department of Health and Human Services (HHS) has proposed updates to the Health Insurance Portability and Accountability Act (HIPAA). The revised regulations aim to bolster cybersecurity for electronic protected health information (ePHI), through mandatory data encryption, multifactor authentication, and network segmentation. Deputy National Security Adviser Anne Neuberger estimates the first-year cost at $9bn, with an additional $6bn over the following four years. The HHS is seeking public feedback before finalising the rule.

Dispersed responsibility, lack of asset inventory is causing gaps in medical device cybersecurity
Witnesses at a House hearing on medical device cybersecurity highlighted the need for better tracking of devices and their vulnerability to cyber threats. They noted