Governor Kathy Hochul proposed new cybersecurity protocols to help hospitals better respond to cybersecurity challenges.
What happened
New York, alongside several other states, has seen a significant increase in cyberattacks and data breaches that can impact patient care, be time-consuming and costly to resolve, and may put protected health data in the wrong hands.
This fall alone, Paubox has reported on multiple data breaches that have impacted millions of residents and resulted in lawsuits, shutdowns, and other various impacts.
Governor Kathy Hochul hopes to turn the tide by proposing new cybersecurity regulations to help hospitals prepare and respond to incidents.
Read more:
Going deeper
The state's press release states that the proposal is linked to Governor Hochul's FY 2024 budget, which she announced in May. The budget includes $500 million devoted to healthcare facilities, including updating technology requirements to comply with the proposed regulations.
The regulations work in tandem with HIPAA requirements. The proposal mandates that hospitals establish a cybersecurity program and assess cybersecurity risks internally and externally.
The proposal will also require hospitals to use defensive techniques and infrastructure, implement measures to protect information, and take preventative action before cyberattacks occur.
The proposed regulations will also require hospitals to develop response plans, including notification procedures, in the case of a cyber incident. Hospitals without a Chief Information Security Officer will create the role.
What was said
In a statement, Governor Hochul said, “Our interconnected world demands an interconnected defense against cyber-attacks, leveraging every resource available, especially at hospitals.” She noted that the “new proposed regulations set forth a nation-leading blueprint to ensure New York State stands ready and resilient in the face of cyber threats.”
The New York State Health Commissioner, Dr. James McDonald said, “Under Governor Hochul’s leadership, New York State has significantly enhanced its cyber defenses, which are critically important to our health care system. When we protect hospitals, we protect patients.”
The New York State Chief Cyber Officer, Colin Ahern, added, “As hospitals face growing cyber threats, it is imperative that we enable them to defend against attacks and these draft regulations and financial commitment do just that.”
The bottom line
If the proposal is adopted by the Public Health and Health Planning Council this week, the regulations will be officially published on December 6 and allow 60 days for public comment. Once the proposal is finalized, hospitals will have a year to enact compliance changes.
The proposal comes after warnings that healthcare systems are increasingly the target of attack, with hospitals in New York experiencing the issue firsthand. By setting high standards for cybersecurity, New York can help ensure that patients remain protected and healthy.
Related: HIPAA Compliant Email: The Definitive Guide
Abby Grifno
