Healthcare DIVE July 8, 2024
Emily Olsen

The proposed rule would require critical infrastructure industries to report cyber incidents.

Dive Brief:

  • Healthcare and hospital groups say a federal cybersecurity reporting proposal should explicitly include insurers and third-party vendors, citing the impact of the major cyberattack against medical claims clearinghouse Change Healthcare.
  • The proposed rule, released by the Cybersecurity and Infrastructure Security Agency this spring, would require companies broadly in critical infrastructure industries to report cyber incidents within 72 hours of discovery and document ransom payments within 24 hours.
  • CISA decided not to include sector-specific reporting criteria for insurance companies, health IT providers and labs or diagnostics facilities. But the American Hospital Association argued the exclusion doesn’t make sense, as disruption to a single company could ripple...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health IT, Health System / Hospital, HHS, Insurance, Provider, Technology
Related Articles:
Six Cybersecurity Trends Heating Up In 2025
Five Things The C-Suite Gets Wrong About Cybersecurity
Critical Condition: The Increasing Frequency of Ransomware Attacks in Healthcare
Cyber Help Needed: KLAS Report Finds Many Health Systems Availing Themselves of Consulting & Managed Services to Stay Secure
Top Five Trends

Share This Article