By AJ Vicens

Dec 27 (Reuters) - Healthcare organizations may be

required to bolster their cybersecurity, to better prevent

sensitive information from being leaked by cyberattacks like the

ones that hit Ascension and UnitedHealth ( UNH ), a senior White

House official said Friday.

Anne Neuberger, the U.S. deputy national security advisor

for cyber and emerging technology, told reporters that proposed

requirements are necessary in light of the massive number of

Americans whose data has been affected by large breaches of

healthcare information. The proposals include encrypting data so

it cannot be accessed, even if leaked, and requiring compliance

checks to ensure networks meet cybersecurity rules.

The healthcare information of more than 167 million

people was affected in 2023 as a result of cybersecurity

incidents, she said.

The proposed rule from the Department of Health and Human

Services would update standards under the Health Insurance

Portability and Accountability Act (HIPAA) and would cost an

estimated $9 billion in the first year, and $6 billion in years

two through five, Neuberger said.

Large healthcare breaches caused by hacking and ransomware

have increased by 89% and 102%, respectively, since 2019, she

said.

"In this job, one of the most concerning and really

troubling things we deal with is hacking of hospitals, hacking

of healthcare data," Neuberger said.

Hospitals have been forced to operate manually and

Americans' sensitive healthcare data, mental health information

and other information are "being leaked on the dark web with the

opportunity to blackmail individuals," Neuberger said.

The Department of Health and Human Services did not

immediately respond to a request for comment.

(Additional reporting by Raphael Satter in Washington; Editing

by Chizu Nomiyama)