HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Bipartisan Bill Proposed to Strengthen Healthcare and Public Health Sector Cybersecurity

A new bill has been proposed by a bipartisan pair of senators that aims to improve the cybersecurity of the healthcare and public health (HPH) sector, in light of the recent warning from the White House about the increased threat of Russian cyber threats.

Last week, President Biden and the White House issued a warning about the increased risk of Russian cyberattacks on critical infrastructure, including potential attacks on the HPH sector in response to the sanctions recently imposed by the United States on Russia due to the invasion of Ukraine. The warning was “based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks,” said President Biden.

In response to the warning, on Thursday, March 24, 2022, U.S. Senators Jacky Rosen (D-NV) and Bill Cassidy, MD (R-LA) proposed the Healthcare Cybersecurity Act (S.3904). One of the main aims of the act is to improve collaboration between the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Health and Human Services. If passed, CISA would be required to collaborate with the HHS on a range of cybersecurity measures to better defend the HPH sector against cyberattacks.

“In light of the threat of Russian cyberattacks, we must take proactive steps to enhance the cybersecurity of our healthcare and public health entities,” said Senator Rosen. “Hospitals and health centers are part of our critical infrastructure and increasingly the targets of malicious cyberattacks, which can result in data breaches, the cost of care being driven up, and negative patient health outcomes. This bipartisan bill will help strengthen cybersecurity protections and protect lives.”

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

CISA would be required to conduct a detailed study on specific cybersecurity risks facing the HPH sector, which would involve “an analysis of how cybersecurity risks specifically impact health care assets, an evaluation of the challenges health care assets face in securing updated information systems, and an assessment of relevant cybersecurity workforce shortages.” The bill will also authorize cybersecurity training for HPH sector operators to improve awareness of cybersecurity risks and the most effective ways to mitigate them.

2021 was a particularly bad year for healthcare industry cyberattacks. 714 data breaches of 500 or more records were reported to the Department of Health and Human Services last year, making 2021 the worst ever year for healthcare industry data breaches. Almost 46 million records were reported to the HHS as being breached in 2021. Data breaches are now being reported at twice the level of 2017 and hacking incidents have increased every year. In 2021, 82% of the reported healthcare data breaches were classed as hacking/IT incidents, compared to just 41% in 2017.

“Health centers save lives and hold a lot of sensitive, personal information. This makes them a prime target for cyber-attacks,” said Dr. Cassidy. “This bill protects patients’ data and public health by strengthening our resilience to cyber warfare.”

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.