< + > Proposed CISA rule would require reporting for cyber incidents and ransom payments

In healthcare, larger hospitals, all critical access hospitals, essential drug manufacturers and Class II and Class III devices would fall under the draft mandatory reporting rules, but health IT developers and others would not.