January 17, 2024

Protecting Hospitals From Cyberattacks: New York’s Trailblazing Cybersecurity Requirements

Hospitals, health systems and providers are targets of cyberattacks at an alarming rate, putting patient data, electronic infrastructure and, most importantly, patient lives at risk. The Department of Health and Human Services’ Office of Civil Rights reported an average of 60 data breaches a month in the health care sector between January 1 and October 31, 2022. According to FBI data, 25% of ransomware attacks in 2022 targeted health care—more than any of the other 14 critical infrastructure industries. New York has been hit hard, with recent cyberattacks requiring hospitals to divert patients to other hospitals, cancel surgeries and temporarily shut down services.

In response to the growing cyber threat, New York—a national leader in driving cybersecurity advances—has proposed to become the first state requiring hospitals to implement cybersecurity controls that would safeguard protected health information and its electronic infrastructure and prevent delays in care from cybersecurity events. The new requirements build on New York’s proven track record in other industries, including establishing cybersecurity requirements for financial services companies and their vendors in 2017 and, more recently, developing the first statewide cybersecurity strategy for the state’s digital infrastructure. In a new webinar, Manatt will explain the proposed regulations and what they mean for providers, share insights to help hospitals guard against attacks, and present lessons for other states seeking to put protections in place. Click here to register for the free webinar. Key topics include:

  • A guide to New York’s proposed hospital cybersecurity regulation and key compliance dates
  • A look at the funding the state will use to assist hospitals in meeting the new requirements 
  • Strategies for submitting applications for obtaining funding to support cybersecurity compliance under the Statewide Health Care Transformation Program
  • Key considerations for ongoing compliance with cybersecurity requirements and enforcement
  • Actions providers can take to protect their organizations and mitigate risk
  • Lessons for other states seeking to enhance cybersecurity protections for providers

View recording here