Healthcare Cybersecurity Act Introduced in House of Representatives
The bipartisan Senate bill, the Healthcare Cybersecurity Act, which was introduced following the ransomware attack on Change Healthcare, now has a companion bill in the House of Representatives. The Senate Healthcare Cybersecurity Act was introduced by Senators Jacky Rosen (D-NV), Todd Young (R-IN), and Angus King (I-ME) in July 2024, and the companion bill was introduced in the House by Representatives Jason Crow (D-CO), Brian Fitzpatrick (R-PA), and Andy Kim (D-NJ).
The healthcare industry is increasingly being attacked by malicious actors who attempt to steal sensitive patient data to sell to cybercriminals or hold to ransom. According to an HHS Office for Civil Rights (OCR) 2022 report, cyber healthcare data breaches increased by 93% from 2018 to 2022 and large data breaches increased by 107% over that period. The OCR data breach portal shows there were 744 healthcare data breaches of 500 or more records in 2023 and more than 160 million healthcare records were breached. From January 1, 2024, to July 31, 2024, 466 large healthcare data breaches have been reported to OCR involving more than 47 million healthcare records, including the hugely disruptive ransomware attack on Change Healthcare. It is still unclear how many records were exposed or stolen in that attack, but it may have involved the healthcare data of 1 in 3 Americans.
The Change Healthcare ransomware attack caused an outage that lasted for months, resulting in huge disruption to healthcare services across the country, as healthcare providers were prevented from billing and receiving payment for their services. The lengthy outage highlighted a lack of preparedness for a cyberattack and a lack of preparation and training during the recovery process.
The Healthcare Cybersecurity Act seeks to address the problem by requiring the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services to work together and implement a variety of measures to improve cyber defenses in the healthcare sector, including making cyber threat defense resources available to nonfederal entities to help them improve their defenses.
The Healthcare Cybersecurity Act calls for the creation of a special liaison within CISA to coordinate during cybersecurity incidents and collaborate to support healthcare and public health sector entities. The liaison will be the primary point of contact within CISA for the HHS to coordinate cybersecurity issues and will facilitate threat sharing between CISA and the HHS. CISA and the HHS are also required to submit a report to Congress describing the actions being taken to improve cybersecurity coordination between CISA and the HHS.
“Cyberattackers are targeting Americans’ medical data and must be stopped,” said Congressman Crow. “I’m leading this effort to bolster cyber defenses and protect some of Americans’ most personal and sensitive information from malicious actors.”
“With the alarming rise in malicious cyberattacks causing critical data breaches, increased healthcare costs, and jeopardized patient health, we cannot delay action in addressing this issue,” added Congressman Fitzpatrick. “By providing new resources for cybersecurity risk training and fortifying our cybersecurity protections nationwide, our bipartisan legislation takes decisive action to safeguard our healthcare systems and protect lives.”
The Senate bill recently cleared the Senate Homeland Security and Governmental Affairs Committee with a vote of 10-1 and is now ready for a full Senate vote. The companion House bill now awaits review by the House Homeland Security and Energy and Commerce committees.


