HIPAA Journal July 8, 2024
Steve Alder

In April, as required by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), the Cybersecurity and Infrastructure Security Agency (CISA) issued a Notice of Proposed Rulemaking (NPRM) introducing new requirements for critical infrastructure entities to report certain cybersecurity incidents. CISA sought comment from the public, and several healthcare stakeholders have provided feedback on the proposed rule.

Background

The proposed rule requires critical infrastructure entities to report cybersecurity incidents to CISA within 72 hours of detecting a cybersecurity incident and within 24 hours of making a ransomware payment. The types of covered incidents include:

  • Unauthorized system access
  • Denial of Service (DOS) attacks with a duration of more than 12 hours
  • Malicious code on systems, including variants if...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health IT, Health System / Hospital, HHS, HIPAA, Provider, Technology
Related Articles:
Hospital cybersecurity spend to rise in 2025: 4 details
GAO: HHS falls short on healthcare cybersecurity
Healthcare ransomware attacks surge in 2024: 5 things to know
Getting Proactive: How Managed Security Providers Boost Preventative Security, Too
The cybersecurity provider’s next opportunity: Making AI safer

Share This Article