Under new regulations effective from October 2nd, hospitals in New York State must promptly report cybersecurity incidents, appoint a Chief Information Security Officer (CISO), conduct regular risk assessments, establish a cybersecurity program, implement multifactor authentication, and more. The reporting time for 'material' incidents like ransomware attacks has been extended to 72 hours, with the goal of ensuring patient care continuity. Non-compliance can lead to penalties.

New York State now requires hospitals to report cybersecurity incidents within 72 hours

The regulations aim to enhance cybersecurity practices in healthcare, supplementing existing HIPAA rules. Compliance costs are estimated at $50,000 to $2 million, depending on hospital size. The move aligns with federal efforts to strengthen healthcare cybersecurity nationwide.
https://www.bankinfosecurity.com/new-york-state-enacts-new-cyber-requirements-for-hospitals-a-26504