A proposed rule that would require the nation's most critical industries to more quickly report cyberattacks is raising the ire of the health care industry, which claims the new directives could actually hinder its response in a crisis.across the health care industry, but regulators and providers don't agree on how to get a handle on the problem.proposed in April
The mandated reporting is "not so we can hold people accountable, but so we can use that information for the benefit of the overall cybersecurity ecosystem," said Brandon Wales, CISA's executive director, in an online video. That's not only a tremendous amount of information to provide, but also a dangerous treasure trove if obtained by bad actors, they wrote.
The American Hospital Association called on the agency to make the reporting process more flexible.