DOH Issues New Cybersecurity Notification Protocol for Health Care Providers
The Department of Health (DOH) is implementing a new notification protocol that providers should use to inform the Department when they have experienced a potential cybersecurity incident at their facility or agency. A Dear Administrator Letter (DAL) lays out the new protocol and requires posting of a corresponding Cybersecurity Incident Notification poster, which provides contact information for each DOH regional office. A cybersecurity incident is the attempted or successful unauthorized access, use, disclosure, modification, or destruction of data or interference with an information system operations.
The protocol is in effect immediately and applies to the following facility types:
- Hospitals;
- Nursing homes;
- Diagnostic and treatment centers;
- Adult care facilities (ACFs);
- Certified home health agencies (CHHAs);
- Hospices; and
- Licensed home care services agencies (LHCSAs).
The poster should be posted as signage throughout your facility or agency locations for immediate awareness and reference by your staff. DOH would like to be promptly notified about incidents in order to mitigate their effects. They have designed a more efficient process to engage assistance for providers, as needed.
Please submit any questions you may have by email to ohim@health.ny.gov.
Contact: Meg Everett, meverett@leadingageny.org, 518-867-8871