On October 2, 2024, the New York State Department of Health (“NYSDOH”) finalized and adopted new hospital cybersecurity regulations. Effective immediately, hospitals in New York State are required to report to NYSDOH as promptly as possible, but not later than 72 hours after, determining that a cybersecurity incident has occurred. A cybersecurity incident is an

On July 9, 2024, the White House Office of Science and Technology Policy (“OSTP”) issued highly anticipated final guidelines setting forth a framework under which academic research institutions must establish and operate formal research security programs (the “Final Guidelines”).1 These final guidelines will be critically important to research operations at universities, academic medical centers

On March 13, 2024, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that it had opened an investigation into the monumental cyberattack on Change Healthcare (“Change”), a unit of UnitedHealth Group (“UHG”). The attack is one of the largest assaults against the U.S. health care system, with far-reaching