New York Governor Kathy Hochul has proposed new cybersecurity rules for the state’s hospitals in response to multiple cyberattacks that disrupted healthcare operations. The rules include establishing cybersecurity programs, appointing Chief Information Security Officers, developing incident response plans, and testing response measures to ensure patient care continuity during system restoration.
The proposed regulations also mandate secure practices for software applications, multifactor authentication, and other cybersecurity measures. Governor Hochul’s budget allocates $500 million for hospital technology upgrades in alignment with the proposed rules.
Why it matters: The proposed cybersecurity rules represent a comprehensive effort to bolster the resilience of New York’s hospitals against cyber threats, with a significant financial commitment to support necessary technological upgrades. The regulations address the urgent need to safeguard public health infrastructure from the disruptive impact of cyber incidents.
- Governor Hochul’s focus on cybersecurity aligns with a broader trend of government responses to ransomware threats, as seen in recent fines imposed on companies that fail to protect patient data in the aftermath of attacks.
- By enforcing measures such as incident response planning and testing, the regulations seek to enhance hospitals’ resilience to cyberattacks, ensuring uninterrupted patient care during and after security incidents.
- Cyberattacks on healthcare facilities have real-world consequences, including patient diversions, canceled procedures, and limits on critical services. The proposed rules aim to safeguard public health by minimizing the impact of cyber incidents on healthcare delivery.