Healthcare industry groups criticize federal cybersecurity reporting rule
Editor's Note
Healthcare industry groups are calling for the federal government to streamline and ease the recently proposed cybersecurity incident reporting rule by the Cybersecurity and Infrastructure Security Agency (CISA), Fierce Healthcare reported July 8.
According to the report, CISA's proposal imposes enhanced reporting requirements for critical infrastructure entities, including hospitals, manufacturers of essential medicines, and certain IT entities, among others. However, The American Hospital Association (AHA) and other groups argue a 72-hour reporting requirement is unreasonable and diverts attention from managing ongoing cyber incidents. They also highlight the strain of maintaining extensive data logs for two years and the risk associated with detailing cyber defenses to CISA. Groups are also advocating for reconsidering inclusion criteria, particularly for small medical practices and IT vendors that may not be adequately defined.
Free Daily News
- Milestone pig kidney transplant offers hope amid ethical, safety questions
- Fitch Ratings: Hospital credit outlook improves amid stabilizing margins
- Annual Leapfrog Group awards recognize top hospitals, ASCs
- US obesity rates decline for first time in a decade
- Study: Active monitoring without surgery safe for certain low-risk DCIS patients
- Data support option to skip sentinel lymph node biopsy in early breast cancer
- Surveyed nurses, physicians likely to quit
- Costs drop, access expands for GLP-1 weight loss drugs
- Q&A: Perioperative immunotherapy advances for early-stage NSCLC
- Proposals close December 16: Present at the 2025 OR Manager Conference