HIPAA Journal July 8, 2024
Steve Alder

In April, as required by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), the Cybersecurity and Infrastructure Security Agency (CISA) issued a Notice of Proposed Rulemaking (NPRM) introducing new requirements for critical infrastructure entities to report certain cybersecurity incidents. CISA sought comment from the public, and several healthcare stakeholders have provided feedback on the proposed rule.

Background

The proposed rule requires critical infrastructure entities to report cybersecurity incidents to CISA within 72 hours of detecting a cybersecurity incident and within 24 hours of making a ransomware payment. The types of covered incidents include:

  • Unauthorized system access
  • Denial of Service (DOS) attacks with a duration of more than 12 hours
  • Malicious code on systems, including variants if...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health IT, Health System / Hospital, HHS, HIPAA, Provider, Technology
Related Articles:
Feds warn of Ghost ransomware targeting healthcare
1 year later: The Change Healthcare cyberattack and its lasting impact on healthcare
A Proactive Blueprint For Modern Cybersecurity
FBI Says Backup Now—Advisory Warns Of Dangerous Ransomware Attacks
How A Security Incident Response Plan Saves Money In Case Of A Cyberattack

Share This Article