HealthExec July 8, 2024
A proposed rule by the Cybersecurity and Infrastructure Security Agency (CISA) would require swift reporting of cybersecurity incidents and ransomware attacks by several entities working in critical infrastructure, including hospitals.
However, healthcare provider groups and hospitals say the rule, which requires security incidents to be reported within 72 hours and ransom requests to be reported within 24, must include third-party vendors and insurance companies if it is to be effective, especially after the breach of Change Healthcare effectively shut down reimbursement for much of the country.
In its proposed rule, first released in 2022, CISA has not included any language about regulatory requirements for health IT vendors, labs and insurance companies. This means they are effectively excluded while hospitals, urgent care...