In an effort to bolster cybersecurity measures within the healthcare sector, New York Governor, Kathy Hochul, recently announced impending cybersecurity regulations specifically targeted at New York hospitals. The proposed rules are due to be published in the State Register on December 6, 2023, subject to approval by the Public Health and Health Planning Council, as reported by Epstein Becker & Green.
These proposed regulations come in the wake of increasing cyber threats targeting critical infrastructure sectors, including hospitals and healthcare organizations. Such entities possess sensitive personal and medical data, making them particularly attractive targets for cybercriminals.
The exact details of the regulations remain confidential until publication, but the broad intention of this legal move is not only to enhance the cybersecurity posture of hospitals in New York State but also to ensure there are standard guidelines in place that hospitals should adhere to in their cybersecurity practices.
The proposed New York cybersecurity rules signify another step in many local and national governments’ ongoing efforts to combat the growing threat of cybercrime. However, their effectiveness in enhancing the protection of critical data and systems will hinge upon the details of the regulation and their implementation by the hospitals and healthcare organizations subject to them.
Stakeholders in the healthcare sector, as well as cybersecurity and legal professionals, will be watching closely for the publication of these rules. Their potential impact, including the cost and complexity of implementing them, could have significant implications for the healthcare industry and could very well shape how other states or countries approach hospital cybersecurity regulation moving forward.