H-ISAC TLP White Hacking Healthcare - Weekly Blog - August 28, 2025

This week, Health-ISAC®'s Hacking Healthcare® examines evidence that the HIPAA Security Rule effort launched at the end of the Biden administration may be moving ahead under the Trump administration, and that the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) might miss its October deadline by more than a few months.

Welcome back to Hacking Healthcare®.

Evidence Suggests New Dates for HIPAA Security Rule and Cyber Incident Reporting 

U.S. presidential administration transitions often begin with months of policy reviews and reversals as the new administration rushes to enact its own policy vision. The first months of the second Trump administration have been no different, but they have thrown two important cybersecurity efforts into question. While there has been very little official news on the progress of the HIPAA Security Rule Proposed Rule that the Biden administration published in early January, or the long running effort by the Cybersecurity and Infrastructure Security Agency (CISA) to complete the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Final Rule, we may now have some evidence about what to expect and when.