New York Governor Kathy Hochul has proposed comprehensive cybersecurity regulations for hospitals and health systems within the state. Known to be progressive, these regulations, if approved, will give hospitals and related entities until February 2025 to comply with the new rules. Hochul announced that her proposed cybersecurity regulations will be made publicly available – assuming adoption by the Public Health and Health Planning Council – on December 6 in the State Register. This information was brought to the public by Harris Beach PLLC.
The Governor described her initiative as “nation-leading,” projecting that the implications of these proposed measures will be far-reaching and will significantly contribute to strengthening the cybersecurity infrastructure of the healthcare industry amidst mounting threats. With cyber threats becoming increasingly frequent and sophisticated, comprehensive cybersecurity plans for hospitals are critical not only to safeguard hospitals’ information and operations but also to protect patient data and improve healthcare services.
While the specifics of the proposed regulations are not known yet, they are expected to encompass a broad spectrum of cybersecurity strategies and systems to improve the resilience of healthcare services in the state. The regulations would aim to enforce stringent cybersecurity measures across the sector, necessitating new protocols for monitoring networks, upgrading security systems, responding swiftly to cybersecurity threats, and recovering from cyber attacks.
This initiative by Governor Hochul underpins the growing recognition among lawmakers of the essential role that robust cybersecurity plays in protecting our healthcare services. It is an initiative that could also set a precedent for other states to follow, and possibly even at the national level, as the need for improved cybersecurity in the healthcare sector becomes increasingly apparent.