AHLA Health Law Weekly: Why ALL Health Care Organizations Must Care About SEC Proposed Cybersecurity Rule Changes

Clearwater Founder & Executive Chairman, Bob Chaput, in AHLA’s Health Law Weekly

According to the American Hospital Association (AHA), there are 6,093 hospitals in the United States. Of this total number, 1,228 are investor-owned (for-profit) acute care hospitals and 2,960 are nongovernment not-for-profit acute care hospitals. The remainder of the 6,093 hospitals comprises government acute care hospitals (federal, state, or local government), psychiatric hospitals, and other hospitals. All of these hospitals, regardless of their designation as for-profit, not-for-profit, or government, can likely agree on the sentiment: “cybersecurity is patient safety.”

As of September 2022, the New York Stock Exchange (NYSE) had a combined total of 2,578 listed domestic and international companies, while the Nasdaq had 3,788, for a total of 6,366 publicly listed companies. The population of companies subject to the U.S. Securities and Exchange Commission (SEC) disclosure requirements is small, especially when considering the approximately 32.6 million businesses in the United States. The point is that private companies dominate the U.S. economy and may not be directly subject to SEC registration, reporting, and disclosure requirements. They are, however, increasingly targeted by adversarial threat sources and subject to the same accidental, structural, and environmental threat sources that public companies face. Getting an organization’s cyber risk management “ducks in a row” is not just for SEC-regulated companies.

In a recently published article in AHLA’s Health Law Weekly, Clearwater Founder and Executive Chairman, Bob Chaput, goes on to explain why the SEC’s proposed cybersecurity rule changes should garner the attention of all healthcare organizations, not solely those that are public entities.

Chaput shares an analysis of key questions and proposed considerations for healthcare leaders.

Download the full article here

Copyright 2023, American Health Law Association, Washington, DC. Reprint permission granted. 
