Protecting Hospitals From Cyberattacks: New York’s Trailblazing Cybersecurity Requirements

Hospitals, health systems and providers are targets of cyberattacks at an alarming rate, putting patient data, electronic infrastructure and, most importantly, patient lives at risk. The Department of Health and Human Services’ Office of Civil Rights reported an average of 60 data breaches a month in the health care sector between January 1 and October 31, 2022. According to FBI data, 25% of ransomware attacks in 2022 targeted health care—more than any of the other 14 critical infrastructure industries. New York has been hit hard, with recent cyberattacks requiring hospitals to divert patients to other hospitals, cancel surgeries and temporarily shut down services.

In response to the growing cyber threat, New York—a national leader in driving cybersecurity advances—has proposed to become the first state requiring hospitals to implement cybersecurity controls that would safeguard protected health information and its electronic infrastructure and prevent delays in care from cybersecurity events. The new requirements build on New York’s proven track record in other industries, including establishing cybersecurity requirements for financial services companies and their vendors in 2017 and, more recently, developing the first statewide cybersecurity strategy for the state’s digital infrastructure. In a new webinar, Manatt will explain the proposed regulations and what they mean for providers, share insights to help hospitals guard against attacks, and present lessons for other states seeking to put protections in place. Key topics include:

  • A guide to New York’s proposed hospital cybersecurity regulation and key compliance dates
  • A look at the funding the state will use to assist hospitals in meeting the new requirements 
  • Strategies for submitting applications for obtaining funding to support cybersecurity compliance under the Statewide Health Care Transformation Program
  • Key considerations for ongoing compliance with cybersecurity requirements and enforcement
  • Actions providers can take to protect their organizations and mitigate risk
  • Lessons for other states seeking to enhance cybersecurity protections for providers


Date and Time 

Tuesday, January 30
1:00 – 2:00 p.m. ET


This program has been approved for 1.0 NY CLE Cybersecurity-General (transitional and non-transitional) and for 1.0 CA MCLE Technology in Law credit.

If you would like to receive an audio transcript of this webinar due to accessibility issues, please email us at

This program does not constitute legal advice, nor does it establish an attorney-client relationship. Views expressed by presenters are strictly their own and should not be construed to be the views of Manatt or attributed to Manatt.



pursuant to New York DR 2-101(f)

© 2024 Manatt, Phelps & Phillips, LLP.

All rights reserved