Session Description:

In March, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 was signed into law requiring covered entities that experience a cyber incident to report that incident to CISA within 72 hours. And a covered entity that pays ransom must report that payment to CISA within 24 hours. Significantly, the new reporting requirements may apply even if the cybersecurity incident does not involve the unauthorized access or acquisition of personal information.

CISA has yet to define exactly which entities will be subject to the Act’s reporting obligations, though it is widely acknowledged that healthcare, as one of the nation’s 16 critical infrastructures, and the sector responsible for the most valuable cyber asset, PHI, will be included. 

Learning Objectives:

1. Understand the fundamentals of the Cyber Incident Reporting for Critical Infrastructure Act
2. Learn about ways to measure your organization’s cyber hygiene and preparedness against the 405d HICP
3. Consider steps that you can take to improve cyber resilience prepare to respond and recover from an incident in record time.

Speakers:

David Ting, Founder and CTO, Tausight