HealthcareCISO

This past month, President Joe Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act, as part of omnibus appropriations legislation.

That act would require owners and operators of critical infrastructure entities – including healthcare and public health organizations – to report "substantial" cyber incidents to the Cybersecurity and Infrastructure Security Agency within 72 hours, and ransomware payments within 24 hours.

In a fact sheet published this month, CISA says its next move will be to undertake a rule-making process to implement the statutory requirements. In the meantime, it offered entities information about how best to share details about cyber-related events in order to help mitigate current or emerging threats to infrastructure.

"When cyber incidents are...