Healthcare industry groups criticize federal cybersecurity reporting rule
Editor's Note
Healthcare industry groups are calling for the federal government to streamline and ease the recently proposed cybersecurity incident reporting rule by the Cybersecurity and Infrastructure Security Agency (CISA), Fierce Healthcare reported July 8.
According to the report, CISA's proposal imposes enhanced reporting requirements for critical infrastructure entities, including hospitals, manufacturers of essential medicines, and certain IT entities, among others. However, The American Hospital Association (AHA) and other groups argue a 72-hour reporting requirement is unreasonable and diverts attention from managing ongoing cyber incidents. They also highlight the strain of maintaining extensive data logs for two years and the risk associated with detailing cyber defenses to CISA. Groups are also advocating for reconsidering inclusion criteria, particularly for small medical practices and IT vendors that may not be adequately defined.
Free Daily News
- Health systems learn lessons from CrowdStrike global IT outage
- Study reveals puzzling paradox on bilateral mastectomy, breast cancer survival outcomes
- Study on pre, postop opioid use reveals improvements needed for managing young patients
- Joint replacement patients getting younger amid technological advances, outpatient shift
- AAMI updates guidelines on radiation sterilization validation, single-use systems control
- Study: Intraoperative DEX infusions effectively manage diabetes in cardiac surgery patients
- FDA warns healthcare providers to conserve blood culture media bottles amid shortage
- In-house 3D printing reduces hospital surgery times, costs
- North Korean hackers extort hospitals to fund attacks on US government
- ‘Best Medical School’ methodology updated for release of latest annual rankings