FAH Hospital Policy Blog

Perspectives on health policy affecting America's hospitals and the patients we serve.

Sarah Aillon

FAH Comments to CISA on Implementation of New Cyber Law

Today FAH submitted comments to the Cybersecurity and Infrastructure Security Agency (CISA) in response to CISA’s Request for Information for development of implementing regulations on the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which was enacted earlier this year. FAH comments support CISA’s efforts to improve cyber resilience and share information and tools with the healthcare industry to help mitigate and prevent cyber threats to the healthcare infrastructure. They also highlight that as CISA engages in rulemaking to implement CIRCIA, it is critical that the regulations maximize flexibility, consistency, and harmonization across existing regulatory frameworks, while minimizing the administrative burden and risk of unintended negative consequences. The comments specifically focus on the development of clear, consistent definitions under the law, the content and timing of required reports, as well as supplemental information, provided to CISA in the event of a covered cyber incident, and harmonization with other federal and state laws.

You can read the entire comment letter here.