This week, Hacking Healthcare™ is devoted to looking ahead to what 2024 has in store for the Healthcare and Public Health (HPH) sector from a policy, law, and regulatory standpoint. We will be breaking down some of the more impactful policies, laws, and regulations that will likely affect the HPH sector in the United States (US) and the European Union (EU) over the next 12 months.
As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal).
Welcome back to Hacking Healthcare™.
2024 Policy, Law, and Regulation Look Ahead
Much of what we will see this year is an evolution and implementation of things that have been discussed here many times, reflecting the fact that cybersecurity is, and will continue to be, a major area of focus for governments around the world.
Action & Analysis
**Included with Health-ISAC Membership**
Congress
Tuesday, January 9
No relevant hearings
Wednesday, January 10
No relevant meetings
Thursday, January 11
No relevant meetings
International Hearings/Meetings
No relevant meetings
EU