New York State hospital cybersecurity regulations now require hospitals to report cybersecurity incidents to the Department of Health within 72 hours. As of 2025, further provisions requiring the appointment of a chief information security officer, the implementation of a cybersecurity program with multifactor authentication, and annual risk assessments will also be mandatory. Though these regulations apply only to New York’s hospitals, they may provide insight into future federal-level healthcare cybersecurity strategies.
SmokeLoader Malware Exploits MS Office Flaws to Steal Browser Data
The SmokeLoader malware has launched attacks on Taiwanese industries including healthcare, IT, and manufacturing. The scams start with phishing emails that exploit Microsoft Office vulnerabilities,
