Healthcare organizations will be required to report any cyberattacks to the Department of Homeland Security, under a law signed March 15 by President Joe Biden, Bloomberg reported March 16.
The new law, which is part of a broader government funding package, requires organizations in "critical sectors," or sectors considered vital to the U.S. economy, public health and safety, to inform the government of any ransomware or hacks. These organizations must make the attacks known within 72 hours of discovery and 24 hours of ransom payment. However, which specific companies within each sector are affected by this law is unknown yet.
This law comes at a time of great cybersecurity worry, given the ongoing conflict in Ukraine and heightened security warnings. The FBI has said it has a view of around a quarter of U.S. cyberattacks, meaning this law could greatly increase visibility for the government.
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, told Bloomberg that the bill will give, "the data and visibility we need to help better protect critical infrastructure and businesses across the country from the devastating effects of cyberattacks."