CISA issues revised virtual town hall schedule for input on proposed cyber incident reporting

The Cybersecurity and Infrastructure Security Agency May 26 announced a revised schedule for its series of virtual town hall meetings for public input on proposed rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act of 2022. The meetings will now begin June 15. They were originally scheduled for March and April but were not held due to the partial shutdown of the Department of Homeland Security. CISA seeks input to finalize a proposed rule originally issued in March 2024. The proposed rule would require critical infrastructure organizations, including hospitals and health systems, to report certain cyber incidents to CISA within 72 hours and ransom payments within 24 hours, among other mandates. The AHA commented on the rule, calling certain proposed requirements redundant to those from other federal agencies and saying that they may add unnecessary burden to hospitals working to ensure access to needed services during cybersecurity incident response.