July 9, 2024

Healthcare industry groups criticize federal cybersecurity reporting rule

Editor's Note

Healthcare industry groups are calling for the federal government to streamline and ease the recently proposed cybersecurity incident reporting rule by the Cybersecurity and Infrastructure Security Agency (CISA), Fierce Healthcare reported July 8.

According to the report, CISA's proposal imposes enhanced reporting requirements for critical infrastructure entities, including hospitals, manufacturers of essential medicines, and certain IT entities, among others. However, The American Hospital Association (AHA) and other groups argue a 72-hour reporting requirement is unreasonable and diverts attention from managing ongoing cyber incidents. They also highlight the strain of maintaining extensive data logs for two years and the risk associated with detailing cyber defenses to CISA. Groups are also advocating for reconsidering inclusion criteria, particularly for small medical practices and IT vendors that may not be adequately defined.

Live chat by BoldChat