The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency March 27 released a proposed rule implementing cyber incident and ransom payment reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act of 2022, intended to help the agency prevent cyberattacks and deploy assistance to victims. The rule would require critical infrastructure organizations, including hospitals and health systems, to report a covered cyber incident to the federal government within 72 hours and ransom payments within 24 hours, among other requirements. CISA will accept comments on the rule for 60 days after its publication in the April 4 Federal Register.

AHA is reviewing the rule, including how it defines a covered cyber incident, how it addresses any overlap with the HIPAA security rule and its breach notification requirements, as well as how the proposed rule defines exceptions and variances on reporting requirements. AHA members will receive more information on the proposed rule soon.

Related News Articles

Headline
In a statement submitted to the Senate Health, Education, Labor and Pensions Committee for a hearing today on health care cybersecurity and patient privacy,…
Headline
Cyberattacks on hospitals are urgent threats to patient safety, care delivery and public trust. In this conversation, Ajay Gupta, board chair of Trinity Health…
Headline
The Food and Drug Administration yesterday released a safety notice announcing a software patch is available to address cybersecurity vulnerabilities in…
Headline
The Cybersecurity and Infrastructure Security Agency, FBI, Department of Defense Cyber Crime Center and the National Security Agency June 30 released a fact…
Headline
The Centers for Medicare & Medicaid Services today announced it has identified a fraud scheme targeting Medicare providers and suppliers. CMS said scammers…
Headline
The FBI, Cybersecurity and Infrastructure Security Agency and Australian Cyber Security Centre June 4 released an advisory on updated actions and tactics used…