Lexology November 12, 2024
The healthcare sector has seen an alarming uptick in cybersecurity incidents, including ransomware attacks, in recent years. In response to these cybersecurity threats, New York State is ramping-up efforts to protect patient data by issuing new cybersecurity regulations governing “general hospitals” and by requiring that a healthcare provider spend $2.25 million to improve its internal cybersecurity program as part of its settlement of cybersecurity breach claims.
The Regulatory Angle: What Hospitals in New York State Need to Know
The New York State Department of Health (Department) published the new cybersecurity regulations (Regulations) on October 2, 2024 to “ensure continued functioning of patient care and hospital operations.” The Regulations only apply to “general hospitals” in New York; they are not applicable...