James Rundle reports:
New York regulators Monday plan to issue cybersecurity regulations for hospitals, after a series of attacks crippled operations at medical facilities.
Under draft rules reviewed by The Wall Street Journal, New York will require general hospitals to develop and test incident response plans, assess their cybersecurity risks and install security technologies such as multifactor authentication. Hospitals must also develop secure software design practices for in-house applications, and processes for testing the security of software from vendors.
[…]
The draft rules, which will be open to public comment for a 60-day period from Monday, are designed to complement the federal Health Insurance Portability and Accountability Act, which governs how healthcare operators secure personal information.
Read more at WSJ.