Cybersecurity incident reporting rule would exclude insurers, vendors

A proposed Cybersecurity and Infrastructure Security Agency (CISA) rule, requiring the reporting of cybersecurity incidents and ransomware attacks, has been criticized for not including third-party vendors and insurance companies. Healthcare groups argue these entities’ inclusion is crucial for the rule to be effective. The current proposal focuses on hospitals and healthcare providers, potentially leaving other essential parts of the healthcare infrastructure vulnerable.