CISA releases proposed rule on cyber incident reporting

Mar 27, 2024 - 02:10 PM
cybersecurity

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency March 27 released a proposed rule implementing cyber incident and ransom payment reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act of 2022, intended to help the agency prevent cyberattacks and deploy assistance to victims. The rule would require critical infrastructure organizations, including hospitals and health systems, to report a covered cyber incident to the federal government within 72 hours and ransom payments within 24 hours, among other requirements. CISA will accept comments on the rule for 60 days after its publication in the April 4 Federal Register.

AHA is reviewing the rule, including how it defines a covered cyber incident, how it addresses any overlap with the HIPAA security rule and its breach notification requirements, as well as how the proposed rule defines exceptions and variances on reporting requirements. AHA members will receive more information on the proposed rule soon.

Related News Articles

Headline
Microsoft says China-based threat actors behind SharePoint attacks 
Microsoft July 22 released an update on the ongoing cyberattacks to SharePoint servers used within organizations, attributing the incidents to China-based…
Headline
Agencies warn of activity by Interlock ransomware
The FBI, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, and Multi-State Information Sharing and Analysis Center…
Headline
Microsoft issues alert on vulnerabilities in ongoing SharePoint attacks 
Microsoft July 19 issued an alert about active attacks from vulnerabilities targeting SharePoint servers used within organizations. The incidents have not…
Headline
AHA blog: Why and How to Incorporate Physical Security Risk into Your Enterprise Risk Management
In his latest AHA Cyber and Risk Intel blog, Scott Gee, AHA deputy national advisor for cybersecurity and risk, explains how hospitals can prepare for and…
AHA Cyber Intel
Why and How to Incorporate Physical Security Risk into Your Enterprise Risk Management
In today’s heightened threat environment, driven by domestic and geopolitical issues, it is more critical than ever for hospitals to prepare for and mitigate…
Headline
Senate holds hearing on health care cybersecurity and patient privacy
In a statement submitted to the Senate Health, Education, Labor and Pensions Committee for a hearing today on health care cybersecurity and patient privacy,…