HIPAA Journal July 8, 2024
Steve Alder

In April, as required by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), the Cybersecurity and Infrastructure Security Agency (CISA) issued a Notice of Proposed Rulemaking (NPRM) introducing new requirements for critical infrastructure entities to report certain cybersecurity incidents. CISA sought comment from the public, and several healthcare stakeholders have provided feedback on the proposed rule.

Background

The proposed rule requires critical infrastructure entities to report cybersecurity incidents to CISA within 72 hours of detecting a cybersecurity incident and within 24 hours of making a ransomware payment. The types of covered incidents include:

  • Unauthorized system access
  • Denial of Service (DOS) attacks with a duration of more than 12 hours
  • Malicious code on systems, including variants if...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health IT, Health System / Hospital, HHS, HIPAA, Provider, Technology
Related Articles:
7 of the biggest healthcare cyberattack and breach stories of 2024
‘Orgs need to be ready’: AI risks and rewards for cybersecurity in 2025
Healthcare cybersecurity in 2025: 3 things to know
Another House bill to aims to protect against hospital cyberattacks
Q&A: CybersolutionsMD CEO on preventing cyberattacks

Share This Article