NFPA seeks comments on proposed cybersecurity requirements
Cybersecurity has been a growing concern for many industries. With the onset of the COVID-19 pandemic five years ago, the number of cyberthreat actors increased exponentially, and that trend has only continued to rise in subsequent years.
According to the Department of Health and Human Services (HHS) Office for Civil Rights, the health care and public health sector suffered nearly 600 breaches of protected health information affecting 500 or more individuals in 2024.
Several agencies have stepped in to protect critical infrastructure like health care facilities and other health care stakeholders from nefarious attacks. For instance, the Health Sector Cybersecurity Coordination Center, part of HHS, provides a centralized force to encourage vigilance and awareness regarding cyberattacks via enhanced detection and evaluation of cyberthreats. The center also communicates cybersecurity best practices across the field.
As part of the effort to protect health care facilities from cyberthreats, the National Fire Protection Association’s committee for NFPA 99, Health Care Facilities Code, has introduced a new chapter on building system cybersecurity for the code’s 2027 edition.
The proposed chapter, which the American Society for Health Care Engineering (ASHE) made available to its members to review and comment on by April 1, is comprised of 12 sections. The chapter covers concerns such as cybersecurity provisions for equipment, network-connected systems, software updates and evidence of cybersecurity compliance.
In its recent Advocacy Alert, ASHE states that, “In light of past cybersecurity breaches involving building systems, [we] endorse the effort to create general cybersecurity standards or regulations to help prevent future incidents and mitigate their impact on patient care.” ASHE further explains that member input will help to “ensure that the requirements effectively protect hospitals and their patients without creating unnecessary burdens.”