WEDI offers feedback on CISA’s cyber incident reporting rules

Workgroup for Electronic Data Interchange (WEDI) responded to the Department of Homeland Security’s proposed rule on cybersecurity reporting, seeking a balance between prompt reporting and administrative burdens on health organizations. Additionally, WEDI called for protection of submitted information, aligning reporting requirements with other federal agencies, more flexibility in the 72-hour reporting requirement, and non-consideration of ransomware attacks as data breaches if no unauthorized access occurred.