HIPAA Journal July 8, 2024
Steve Alder

In April, as required by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), the Cybersecurity and Infrastructure Security Agency (CISA) issued a Notice of Proposed Rulemaking (NPRM) introducing new requirements for critical infrastructure entities to report certain cybersecurity incidents. CISA sought comment from the public, and several healthcare stakeholders have provided feedback on the proposed rule.

Background

The proposed rule requires critical infrastructure entities to report cybersecurity incidents to CISA within 72 hours of detecting a cybersecurity incident and within 24 hours of making a ransomware payment. The types of covered incidents include:

  • Unauthorized system access
  • Denial of Service (DOS) attacks with a duration of more than 12 hours
  • Malicious code on systems, including variants if...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health IT, Health System / Hospital, HHS, HIPAA, Provider, Technology
Related Articles:
EU action plan to make healthcare more resilient to cyber threats
The financial toll of the Change Healthcare hack: 7 numbers
The double-edged sword of AI and cybersecurity
Kristi Noem’s Bold Reset For CISA: A Return To Cybersecurity Duties
Slew of OCR activity underscores agency’s focus on security and AI

Share This Article