N.Y. hospitals face stiff cybersecurity requirements under proposed rules

By Adrianne Appel2023-11-15T21:09:00

New York hospitals would be required to have a cybersecurity program that includes regular cyber risk assessments under newly proposed regulations.

The proposed rules, which would require the reporting of material cyber incidents within two hours, are designed to strengthen the cybersecurity of hospitals and their networks, said New York Gov. Kathy Hochul in a press release Monday.

Complying with the proposed rules would initially cost hospitals tens of thousands or tens of millions of dollars, according to the draft rules, which noted program maturity as a dictating factor. Hospitals would be allowed to subcontract for cybersecurity services.

THIS IS MEMBERS-ONLY CONTENT

JOIN NOW

You are not logged in and do not have access to members-only content.

If you are already a registered user or a member, SIGN IN now.

News Brief
HHS: New cybersecurity regs on the way for hospitals

2023-12-07T18:34:00Z By Adrianne Appel

Hospitals can soon expect to see new draft cybersecurity regulations and benchmarking goals, according to the Department of Health and Human Services.
Premium
N.Y. law to pose hurdle for RIA’s off-channel comms supervision efforts

2023-11-08T20:10:00Z By Aaron Nicodemus

A New York state law that takes effect next year will make it more difficult for registered investment advisers in the state to conduct proactive testing for violations of their firms’ off-channel communication policies.
News Brief
Amended N.Y. cyber regs up pressure on financial firms to combat risks

2023-11-03T10:03:00Z By Adrianne Appel

New York will require financial institutions to conduct risk assessments more often and improve governance under a broad update to the state’s cybersecurity regulations.

More from Regulatory Policy

News Brief
Hospitals, health IT face HHS crackdown for blocking electronic records

2025-09-05T18:42:00Z By Adrianne Appel

The Department of Health and Human Services is stepping up its enforcement against hospitals and other health entities that block the sharing of electronic health records.
Article
Digital wallets should speed up compliance, but companies must focus on trust and security

2025-09-04T18:49:00Z By Ruth Prickett

The EU has one, the U.K. is getting one, many U.S. states are working with Google and Apple to provide one, and now industry sectors are developing their own digital wallet.
News Brief
FinCEN again delays U.S. ban on three Mexican financial institutions

2025-08-28T20:40:00Z By Aaron Nicodemus

The order barring three Mexican financial institutions from doing business with U.S. financial institutions has been delayed until October.

N.Y. hospitals face stiff cybersecurity requirements under proposed rules

THIS IS MEMBERS-ONLY CONTENT

Related articles

HHS: New cybersecurity regs on the way for hospitals

N.Y. law to pose hurdle for RIA’s off-channel comms supervision efforts

Amended N.Y. cyber regs up pressure on financial firms to combat risks

More from Regulatory Policy

Hospitals, health IT face HHS crackdown for blocking electronic records

Digital wallets should speed up compliance, but companies must focus on trust and security

FinCEN again delays U.S. ban on three Mexican financial institutions