New York State Department of Health Secretary James McDonald. (Mike Gwizdala — MediaNews Group File)
NEW YORK — Governor Kathy Hochul recently announced the release of the nation’s leading proposed statewide cybersecurity regulations for hospitals. It will help the state’s hospitals establish policies and procedures to protect the health system from growing cyber threats.
Hochul’s FY24 budget includes $500 million in funding that health care facilities can apply to upgrade their technology systems to comply with the proposed regulations, according to a press release from the governor’s office.
“Our interconnected world requires interconnected defense against cyber-attacks, leveraging all available resources, especially in hospitals,” Hochul said in the release. “These new proposed regulations provide a nation-leading blueprint to ensure New York State is prepared and resilient in the face of cyber threats.”
This proposed regulation complements the Health Insurance Portability and Accountability Act (HIPAA) security rule, which focuses on protecting patient data and medical records, by protecting hospital networks and systems essential to the delivery of patient care. It is intended to strengthen the.
Under the proposed provisions, hospitals would establish a cybersecurity program, assess internal and external cybersecurity risks, use defensive technologies and infrastructure, and protect their information systems from unauthorized access and other malicious activity. We are required to take steps to protect and take proven steps to take action. Prevent cybersecurity events in advance.
“Under Governor Hochul’s leadership, New York State has significantly strengthened our critical cyber defenses for our health care system,” New York State Health Commissioner Dr. James MacDonald said in a release. “When we protect our hospitals, we protect our patients. These national draft cybersecurity hospital regulations will protect critical systems from cyber threats and ensure the safety of New York’s hospitals and healthcare facilities. Based on the Governor’s priorities.”
In addition, the proposed regulations would require hospitals to develop response plans for potential cybersecurity incidents, including notification of appropriate parties, according to the release. Hospitals will also be required to test their response plans to ensure continuity of patient care until the system returns to normal operations.
The proposed regulations would require each hospital’s cybersecurity program to include documented procedures, guidelines, and standards for developing safe practices for in-hospital applications intended for use at the facility. Hospitals are also required to establish policies and procedures for assessing, evaluating, and testing the security of externally developed applications used by the hospital.
The proposed regulations would also require hospitals to establish a chief information security officer role, if one does not already exist, to enforce new policies and annually review and update them as necessary. There is. Additionally, the proposed regulation would require the use of multi-factor authentication to access a hospital’s internal network from an external network.
The $500 million in funding is included in the Governor’s fiscal year 2024 budget and will be part of the upcoming statewide capital program solicitation.
These funds will facilitate investments in healthcare facility modernization as well as the use of advanced clinical technologies, cybersecurity tools, electronic health records, and other technology upgrades to improve quality of care, patient experience, and more. , improve accessibility, and efficiency.
If adopted by the Public Health and Health Planning Board this week, the regulations would be published in the State Register on Dec. 6, with a 60-day public comment period ending on Feb. 5, 2024. Once finalized, hospitals will have one year to comply with the new regulations.
“Under Governor Hochul’s leadership, the Department of Health is issuing draft cybersecurity regulations that will strengthen protections for hospital systems across the state,” New York State Chief Cyber Officer Colin Ahern said in a release. Ta. “These draft regulations build on the statewide cybersecurity strategy announced by Governor Hochul in August.
“As hospitals face increasing cyber threats, it is imperative that they be able to defend against attacks, and these draft regulations and financial commitments will do just that. We look forward to receiving feedback from the public over the next 60 days as we finalize regulations that support improved cyber defenses and resiliency.”
Last year, the U.S. Treasury Department, Federal Bureau of Investigation, and Cybersecurity and Infrastructure Security Agency warned that hospitals were being targeted by cyberattacks, including some New York hospitals. Cyberattacks have an immediate impact on hospitals, from diverting patients and canceling procedures to transitioning from electronic to paper records that slows down critical services.
Mr. Hochul recently announced New York State’s first statewide cybersecurity strategy aimed at protecting the state’s digital infrastructure from today’s cyber threats. This strategy provides public and private stakeholders with a cyber risk mitigation roadmap and outlines plans to protect critical infrastructure, networks, data, and technology systems.
“Access to essential health services is critical, and by implementing these aggressive, common-sense regulations, New York State is taking meaningful steps to protect patients while joining other states across the country. We are also building a cybersecurity roadmap for the region to follow,” York State Director of Homeland Security and Emergency Services Jackie Bray said in the release.
“When it comes to protecting New Yorkers from increasingly frequent and sophisticated cyberattacks, protecting hospitals is an important part of New York State’s proactive and “This is an important part of a comprehensive, statewide approach.” “We appreciate the continued efforts of the Governor and our agency partners to ensure our state hospitals have the uniform guidance and resources they need to further strengthen their own cybersecurity, thereby ensuring patient and We are pleased to be able to protect the critical systems that provide quality care across the state.” York. ”
Recently, Hochul announced a proclamation declaring October as Cybersecurity Awareness Month. This year marks the event’s 20th anniversary as part of an effort to engage and educate the public about cybersecurity and provide tools and other resources to help all New Yorkers stay safe online. .
For more information, please visit Governor Hochul’s website on strengthening cybersecurity across New York State and the ITS Chief Information Security Office website. Also, follow the station on X, formerly known as Twitter, Facebook and Instagram (#NYSCyber).