Proposed federal rule would require hospitals, health systems to report cyberattacks
Editor's Note
The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) proposed a new rule that would require hospitals and health systems to report any cyberattacks or ransomware attacks to the agency within 72 hours and any ransomware payments within 24 hours.
The healthcare sector is one of the most prominent victims of cyberattacks, which are on the rise. According to the American Hospital Association, US healthcare organizations were hit by 1,410 weekly cyberattacks per organization in 2022, up 86% from 2021.
Announced on March 27, the new rule is intended to streamline CISA’s ability to respond quickly to cyberattacks, track threats, and spot trends in online criminal activity. According to the agency, the new guidelines would require hospitals and healthcare systems to respond under these timeframes to “any covered cyber incidents, ransom payments made in response to a ransomware attack, and any substantial new or different information discovered related to a previously submitted report.”
The agency is providing 60 days for public feedback on both the proposed rule and the implementation of the new reporting requirements.
Free Daily News
- Report: Consistent, purposeful manager-team engagement reduces RN turnover
- Death, hospital readmission less likely for women treated by female doctors
- FDA announces class 1 recalls for infusion pumps, anesthesia workstation
- Study finds workforce readiness gap in new nurses
- Joint replacement manufacturer recalls products after FDA packaging warning
- Gene-edited pig kidney, heart pump combined in transplant surgery milestone
- Catheter sterility concerns prompt Class 1 FDA recall for surgery trays
- Large amounts of personal data possibly stolen in Change Healthcare cyberattack
- AI model helps predict patient decline, drive collaborative care
- One patient’s recovery highlights benefits of outpatient endoscopic spine surgery