- The health care industry is pushing back against a proposed rule under the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which mandates faster reporting of cyberattacks. While the rule aims to enhance cybersecurity by requiring companies to report incidents within strict timeframes, including details on security defenses, health care organizations argue it could hinder their crisis response efforts. Concerns include the burden of disclosing extensive security information and potential risks if this data falls into malicious hands. Organizations like the American Hospital Association and medical groups have called for greater flexibility in reporting requirements to streamline compliance without diverting critical resources from combating cyber threats. The debate highlights a clash between regulatory goals and practical challenges faced by health care providers in managing cybersecurity amidst escalating cyber threats. (Article here)
July 17, 2024
Health IT | Tea Leaves