Stakeholders Suggest Changes to CISA’s Cybersecurity Reporting Rule

Healthcare stakeholders are challenging the Cybersecurity and Infrastructure Security Agency’s (CISA) proposed rule on cyber incident reporting, citing concerns over burdensome requirements and potential impacts on small medical groups. Stakeholders, including the Medical Group Management Association and the Workgroup for Electronic Data Interchange, suggested greater collaboration between agencies, flexible reporting timelines, and a reconsideration of ransomware as data breaches to ease the administrative burden. They also pointed to the need for financial support to meet increased reporting requirements.