Bipartisan Bill Aims to Ensure the HHS is Implementing Effective Cybersecurity Measures
A bipartisan Senate bill has been introduced that aims to improve healthcare cybersecurity and ensure that the Department of Health and Human Services (HHS) is implementing effective cybersecurity measures to combat evolving cyber threats. In 2023, record numbers of healthcare records were compromised, and more data breaches were reported than in any other year to date. More than 133 million healthcare records were compromised in 2023 across more than 725 reported breaches, the majority of which were hacking incidents.
Healthcare organizations must ensure that they are compliant with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, which sets minimum standards for cybersecurity. The HHS is the main enforcer of compliance with the HIPAA Rules and issues guidance on healthcare cybersecurity. The HHS also manages the health data of approximately 65 million Americans who receive healthcare services through Medicare. As such, it is vital that the cybersecurity measures at the HHS are robust and capable of defending against evolving cyber threats.
The Strengthening Cybersecurity in Health Care Act was introduced by Senator Angus King (I-ME), Co-Chair of the Cybersecurity Solarium Commission and a member of the Senate Armed Services (SASC) and Intelligence Committees (SSCI), and Senator Marco Rubio (R-FL). It takes aim at the HHS and the cybersecurity protocols and practices that the HHS has introduced to combat evolving cyber threats.
“In recent years, several of Maine’s major healthcare providers have been the victims of cyberattacks. This threat to America’s critical infrastructure is real, and could literally mean the difference between life and death — we must take proactive steps to enhance the cybersecurity of our healthcare and public health sectors,” said Senator King. “The bipartisan Strengthening Cybersecurity in Health Care Act would help ensure that health institutions have the resources to keep patient data safe. As the number of threats continues to grow, consistent evaluations will prove to be a lifeline to the medical community treating our family and friends.”
The Strengthening Cybersecurity in Health Care Act requires the Inspector General of the HHS to evaluate the cybersecurity practices and protocols of the HHS. At least every two years, cybersecurity reviews and penetration tests should be conducted on HHS IT systems, and biennial reports should be submitted to Congress on the current cybersecurity practices at the HHS and its progress on the future security practices that it is working on.


