This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
List Professionals Alphabetically
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z View All
Search Professionals
Site Search Submit
| less than a minute read

New York Proposes New Cybersecurity Regulations for Hospitals

This week, New York regulators announced that they plan to release proposed cybersecurity regulations for hospitals. The impetus for the proposed regulations is largely due to the increasing and devastating cyber attacks on the state's hospitals.  

The proposed regulations will supplement the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, which safeguards patient data. The regulations require hospitals to set up a cybersecurity program, use multi-factor authentication, assess cybersecurity risks, implement defense measures, and proactively prevent cyber threats. Hospitals will be required to prepare incident response plans for cybersecurity incidents and test these plans to ensure uninterrupted patient care. In addition, hospitals may be required to designate a Chief Information Security Officer, who will oversee and review the policies on an annual basis.  

If the proposed regulations are adopted by the Public Health and Health Planning Council this week, they will be published in the State Register on December 6, 2023, and open for public comment until February 5, 2024. Hospitals will have one year to comply with the regulations once they are finalized.


"Our interconnected world demands an interconnected defense against cyber-attacks, leveraging every resource available, especially at hospitals," Governor Hochul said. "These new proposed regulations set forth a nation-leading blueprint to ensure New York State stands ready and resilient in the face of cyber threats.”


intellectual property, privacy data and cybersecurity, health care