Let’s Meet at
HIMSS24

Cyberattacks targeting healthcare organizations have been on the rise, and New York State is stepping up its defenses. As of October 2, 2024, new cybersecurity regulations are in effect for general hospitals in the state, marking a significant step forward in protecting sensitive patient data and ensuring the operational resilience of healthcare facilities. These new rules introduce a range of requirements that go beyond federal HIPAA regulations, demanding more stringent protections for patient data and a broader definition of sensitive information. With a compliance deadline set for October 2025, hospitals have one year to prepare, but they must immediately comply with the incident reporting requirements. In this blog, we’ll break down the most important aspects of these new regulations, explain who they apply to, and why this move is a positive step for the healthcare sector.

The Health Infrastructure Security and Accountability Act (HISAA) introduced in the U.S. Senate on September 26 is another good step forward in addressing key factors contributing to the healthcare sector’s deficiency in establishing and maintaining adequate cybersecurity controls and risk management programs. While there are many in the sector that are already implementing recognized standards, having mandated standards would help to make sure everyone is playing by the same rules.