NFPA 99 Cybersecurity Chapter public input
The National Fire Protection Association (NFPA) is requesting feedback on a newly proposed chapter focused on cybersecurity for the 2027 edition of NFPA 99, Health Care Facilities Code.
In light of past cybersecurity breaches involving building systems, the American Society for Health Care Engineering (ASHE) endorses the effort to create general cybersecurity standards or regulations to help prevent future incidents and mitigate their impact on patient care.
ASHE is seeking input from its members on the proposed chapter to ensure that the requirements effectively protect hospitals and their patients without creating unnecessary burdens. Please review the proposed chapter and submit your feedback by April 1.
ASHE has provided a draft of the proposed chapter to its members with an opportunity to submit a modification included after each section. Items preceded with an “A” are annex information and are intended to be explanatory and not enforceable. Forms to comment on the proposed chapter in general or inquire about committee participation are available at the end of the draft.
The statement below from the NFPA 99 committee explains the intent of the proposed chapter and encourages committee participation.
Statement from the NFPA 99 committee: “Requirements for cybersecurity within the health care environment are not currently codified in NFPA 99. This committee input is the initial proposal for a new chapter on cybersecurity. The committee is soliciting public comment from stakeholders on this draft. Its inclusion as Chapter 8 is the initial proposal, but if public comments provide a better location this will help the committee in the final version of this new chapter. The committee is also seeking expertise to participate in a task group that will work to develop public comments between the first and second draft.”