HealthExec July 8, 2024
Chad Van Alstin

A proposed rule by the Cybersecurity and Infrastructure Security Agency (CISA) would require swift reporting of cybersecurity incidents and ransomware attacks by several entities working in critical infrastructure, including hospitals.

However, healthcare provider groups and hospitals say the rule—which requires security incidents to be reported in 72 hours and ransom requests be reported in 24—must include third-party vendors and insurance companies if it is to be effective, especially after the breach of Change Healthcare effectively shut down reimbursement for much of the country.

In its proposed rule, first released in 2022, CISA has not included any language about regulatory requirements from health IT vendors, labs and insurance companies. This means they are effectively excluded while hospitals, urgent care...

Today's Sponsors

Venturous
Got healthcare questions? Just ask Transcarent

Today's Sponsor

Venturous

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health IT, HHS, Provider, Technology
Related Articles:
HIMSS 2025: Four big themes of the health conference
Weak cyber defenses are exposing critical infrastructure — how enterprises can proactively thwart cunning attackers to protect us all
B2B Healthcare Procurement Has a Growing Hacking Problem
Critical infrastructure at state, local levels at heightened risk of cyberattacks
MedCity Pivot Podcast: Being Clear About Cybersecurity

Share This Article