AHA Responds to CISA Proposed Rule on Cyber Incident Reporting Requirements
aha.org
|
Contributed by: Drex DeFord
Summary
The American Hospital Association (AHA) has provided feedback to the Cybersecurity and Infrastructure Security Agency (CISA) regarding its proposed Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) rule. While acknowledging the importance of incident reporting to understand and mitigate cyber threats, the AHA raises concerns about the redundancy, complexity, and timing of these requirements, which could burden hospitals during critical times. They advise CISA to harmonize its reporting rules with existing regulations, ensure data anonymity, and simplify the reporting process. Additionally, the AHA emphasizes the need for clearer definitions, more inclusive criteria for all health care-related entities, and a reduction of the operational burden on hospitals, suggesting that penalties on victim organizations be reconsidered in favor of collaborative approaches.