Lexology November 28, 2023
Ropes & Gray LLP

On November 13, 2023, New York Governor Kathy Hochul announced the release of proposed statewide hospital cybersecurity regulations that would require state-licensed hospitals to establish cybersecurity programs, policies and procedures (the “Proposed Regulations”).1 The Proposed Regulations feature requirements regarding cybersecurity policies and procedures, personnel, user authentication methods, security risk assessments, incident response plans, and two-hour reporting of certain incidents.

If approved by the New York State Public Health and Health Planning Council (“PHHPC”) and subsequently finalized, the Proposed Regulations would supplement federal Health Insurance Portability and Accountability Act (“HIPAA”) Security Rule requirements but would be broader in some respects, including with regard to what information is subject to the requirements.

Proposed Hospital Cybersecurity Requirements. Notable requirements of the Proposed Regulations...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

 
Topics: Cybersecurity, Govt Agencies, Health IT, Health System / Hospital, Provider, Regulations, States, Technology
Cybersecurity In 2025: Evolving CISO Roles, New Regulations And More
Notorious Ransomware Gang Warns New Attacks Incoming On Feb. 3, 2025
How Generative AI Is Powering A New Era Of Cybersecurity
7 of the biggest healthcare cyberattack and breach stories of 2024
‘Orgs need to be ready’: AI risks and rewards for cybersecurity in 2025

Share This Article