The state Department of Health (DOH) is implementing a new notification protocol that providers should use to inform the Department when they have experienced a potential cybersecurity incident at their facility or agency.
A cybersecurity incident is the attempted or successful unauthorized access, use, disclosure, modification, or destruction of data or interference with an information system operation.
This protocol should be immediately implemented by all providers including HCA members (CHHA, LHCSA, Hospice).
DOH’s announcement (see here) provides the contact information for each DOH Regional Office and is in effect immediately (August 13, 2019). This document should also be posted as signage throughout your facility or agency locations for immediate awareness and reference by your staff.
DOH recognizes that providers must contact various other agencies in this type of event, such as local law enforcement. In collaboration with partner agencies, DOH provides assistance to providers during cyber-security events, and DOH stresses that timely awareness of this type of event enhances its ability to help mitigate the impact and protect the health care system.
Providers should ensure they make any other notifications regarding emergency events that are already required under statute or regulation. For example, a cybersecurity event should be reported to the New York Patient Occurrence Reporting and Tracking System (NYPORTS).
Any questions can be submitted to ohim@health.ny.gov.