AHA comments on CIRCIA’s cyber incident reporting requirements 

Jul 02, 2024 - 03:01 PM
oig-fda-cybersecurity

The AHA July 2 submitted comments to the Cybersecurity and Infrastructure Security Agency on its proposed rule establishing reporting requirements for cybersecurity incidents under the Cyber Incident Reporting for Critical Infrastructure Act. The AHA called the requirements redundant to those from other federal agencies and that they add an unnecessary burden to hospitals while maintaining care through a cybersecurity incident. AHA urged CISA and other agencies to guarantee data anonymity across all federal agencies, and said applicability of the reporting rules are confusing, calling for them to be simplified due to compliance and operational burdens to hospitals in addition to privacy risks. AHA also expressed concern about the proposed rule’s penalties, calling them “vague and potentially severe,” and recommended that CISA revise the rule to incentivize collaboration instead.

Related News Articles

Headline
Agencies alert health sector of Iranian and Russian cyber threats
The FBI, Cybersecurity and Infrastructure Agency and the Department of Defense Cyber Crime Center Aug. 29 issued a joint advisory to warn of Iranian-based…
Headline
AHA Podcast: Start with Defense — Building a Cyber-ready Team 
Health care is under constant cyberattack threat, but how prepared is the industry to fight back? The lack of resources is especially acute in rural areas. In…
Headline
AHA names new deputy national advisor for cybersecurity risk
AHA Aug. 23 named James “Scott” Gee deputy national advisor for cybersecurity and risk. Gee will work with John Riggi, AHA’s national advisor for cybersecurity…
Headline
HHS alerts health sector to cyberthreat from Everest ransomware group
The Department of Health and Human Services Health Sector Cybersecurity Coordination Center (HC3) this week released an advisory about Everest, a ransomware-as…
Headline
AHA blog: How to prepare for third-party cyber risk 
In his latest AHA Cyber Intel blog, John Riggi, AHA national advisor for cybersecurity and risk, explains why cybercriminals are shifting from directly…
Headline
CISA guidance informs users on software products which should be secure by design and demand 
The Cybersecurity and Infrastructure Security Agency and FBI Aug. 8 released guidance on secure by design software products which includes resources to assess…