N.Y. hospitals face stiff cybersecurity requirements under proposed rules
By 
Adrianne Appel2023-11-15T21:09:00
New York hospitals would be required to have a cybersecurity program that includes regular cyber risk assessments under newly proposed regulations.
The proposed rules, which would require the reporting of material cyber incidents within two hours, are designed to strengthen the cybersecurity of hospitals and their networks, said New York Gov. Kathy Hochul in a press release Monday.
Complying with the proposed rules would initially cost hospitals tens of thousands or tens of millions of dollars, according to the draft rules, which noted program maturity as a dictating factor. Hospitals would be allowed to subcontract for cybersecurity services.
Related articles
-
News BriefHHS: New cybersecurity regs on the way for hospitals
Hospitals can soon expect to see new draft cybersecurity regulations and benchmarking goals, according to the Department of Health and Human Services.
-
PremiumN.Y. law to pose hurdle for RIA’s off-channel comms supervision efforts
A New York state law that takes effect next year will make it more difficult for registered investment advisers in the state to conduct proactive testing for violations of their firms’ off-channel communication policies.
-
News BriefAmended N.Y. cyber regs up pressure on financial firms to combat risks
New York will require financial institutions to conduct risk assessments more often and improve governance under a broad update to the state’s cybersecurity regulations.
More from Regulatory Policy
-
ArticleCalifornia climate rules cause uncertainty as CARB delays draft guidance
California has delayed the release of draft greenhouse gas reporting rules for businesses until early 2026, the California Air Resources Board said.
-
PremiumNew EU Data Act may impact companies’ GDPR compliance efforts
New rules that have recently come into effect across the EU will allow for greater transfers of data between companies, though experts fear the changes could conflict with Europe’s strict privacy legislation, which protects personal information.
-
ArticleNine states collaborating on data privacy enforcement across state lines
Nine states are collaborating to write and enforce comprehensive data privacy laws, in an effort to protect consumers across jurisdictions and due to the absence of a broad, federal privacy law.