powered by LeadingAge New York

DFS Proposes Updates to Cybersecurity Regulations

The New York State Department of Financial Services (DFS) has officially proposed amendments to its regulations relating to cybersecurity requirements for regulated entities, including Continuing Care Retirement Communities (CCRCs). The comment period will remain open until Jan. 9, 2023.

As anticipated based on pre-proposed amendments, the proposed changes include:

  • the creation of three tiers of companies and size distinctions to tailor the regulation to the diverse range of regulated businesses with different defensive needs;
  • enhanced governance requirements that will increase accountability for cybersecurity at the Board and C-Suite levels;
  • additional controls to prevent or mitigate the spread of a cybersecurity attack;
  • more regularly required risk and vulnerability assessments and more robust incident response; and
  • directing companies to invest in regular training and cybersecurity awareness programs relevant to their personnel.

LeadingAge NY will continue to work with affected organizations and our business partners to fully analyze the implications of the proposed regulatory changes for CCRCs and other provider member types, and to respond accordingly within the public comment period. Members are encouraged to submit their comments, questions, and concerns on the proposed regulations to Annalyse K. Denio as soon as possible to help shape the association's response, due Mon., Jan. 9th.

Read the full proposed regulation changes here.

Contact: Annalyse Komoroske Denio, akomoroskedenio@leadingageny.org, 518-867-8866