Navigating the SEC Cyber Incident Disclosure Rule, How It Impacts Healthcare
The Securities and Exchange Commission (SEC) finalized a rule in July 2023, effective September 5, 2023, requiring publicly traded companies to promptly disclose cyber incidents. The rule standardizes breach disclosures and affects public healthcare entities as well as vendors serving the healthcare sector. It requires companies to report material cybersecurity incidents within four days, except when national security is at risk. Critics argue that the tight timeline may lead to unclear or inaccurate disclosures. The rule also demands periodic disclosures on cyber risk management, which aids vendor assessment. Non-compliance may result in penalties, underscoring the need for improved cybersecurity practices.
Source: healthitsecurity.com