DOH Updates Reporting Requirement for Cybersecurity Incidents
(Oct. 15, 2024) On Oct. 9, 2024, the Department of Health (DOH) issued this Dear Administrator Letter (DAL) to update the reporting requirements for nursing homes, adult care facilities (ACFs), certified home health agencies (CHHAs), licensed home care services agencies (LHCSAs), and hospice providers during a possible or confirmed cybersecurity incident. For purposes of this communication, a cybersecurity incident is one that has or is likely to have a material adverse impact on operations or results in the deployment of ransomware within a material part of the facility’s or provider’s information systems. If a cybersecurity incident affects or is suspected of affecting your facility or provider group, the information should be reported to DOH as soon as practicable. Such report may be made by calling the Surge Operations Center at 917-909-2676. The facility’s or provider’s contact and current status information will be referred to the appropriate program for further action.
Questions regarding the DAL can be directed to DOH at cyberincident@health.ny.gov.
This DAL supersedes a DAL dated Aug. 12, 2019.
Contact: Diane Darbyshire, ddarbyshire@leadingageny.org, 518-867-8828