The FHA's Mortgagee Letter 2024-23 mandates lenders to report cybersecurity breaches within 36 hours, improved from 12 hours, facilitating timely collaboration between parties and safeguarding sensitive information.
With the new 36-hour reporting requirement effective immediately, FHA-approved lenders must notify HUD as soon as possible after identifying a reportable cyber incident to bolster cybersecurity responses.
The prompt notification protocol aims to defend HUD's systems and ensure quick dialogue between HUD's Chief Information Security Officer and FHA mortgagees during a cybersecurity event.
Feedback from industry participants, specifically the NRMLA, highlighted the challenges in meeting the reporting deadline, suggesting further discussions may have warranted an extension beyond the newly established 36 hours.
Collection
[
|
...
]