Beyond the 72-hour reporting requirement, which took effect on October 2, 2024, hospitals must implement key cybersecurity measures, such as multifactor authentication and a robust incident response plan, by October 2025. These regulations currently apply only to general hospitals, excluding other healthcare facilities like nursing homes and diagnostic centers.