Bipartisan Bill Introduced to Improve Cybersecurity in Healthcare
A bipartisan group of three senators has introduced legislation to improve cybersecurity in the healthcare and public health (HPH) sector. The Healthcare Cybersecurity Act of 2024 was introduced by Jacky Rosen (D-NV), Todd Young (R-IN), and Angus King (I-ME) in response to recent devastating cyberattacks, such as the ransomware attack on Change Healthcare that caused massive disruption for providers and patients across the country. That attack highlighted the impact of a lack of preparation and training on the recovery process.
If passed, the Healthcare Cybersecurity Act will direct the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to collaborate with the Department of Health and Human Services to develop resources for non-federal entities on cyber threat indicators and appropriate defensive measures. CISA will also be required to create a special liaison to the HHS within CISA to coordinate the government’s response during cybersecurity incidents and provide support to HPH sector entities.
“It’s imperative that we take measures to improve cybersecurity in the health care sector to prevent data breaches and protect Nevadans, which is why I’m introducing this bipartisan legislation. I’ll keep working to strengthen the cybersecurity of this critical sector and keep people safe from malicious actors,” said Senator Rosen, who introduced a similar bill in 2022 that failed to get sufficient support. “Our bipartisan bill will take critical steps to strengthen cybersecurity infrastructure and better protect patients’ personal data,” added Senator Young.
Hacking incidents and ransomware attacks continue to increase. According to the HHS’ Office for Civil Rights (OCR), in the past 5 years, hacking incidents have increased by 256% and ransomware attacks have increased by 264%. Hacking incidents now account for 77% of the large data breaches reported to OCR, and those incidents are increasing in sophistication, frequency, and severity.
“These attacks and breaches of data can literally mean the difference between life and death for patients, significantly impact hospital operations, and — with the average hack costing millions to address — increase healthcare prices across the board. The bipartisan Healthcare Cybersecurity Act will take important steps toward protecting patients’ data and healthcare provider capabilities, and bolstering our cybersecurity infrastructure and response,” said Senator King, co-chair of the Cyberspace Solarium Commission.
More certainly needs to be done to improve healthcare cybersecurity and make it harder for hackers to breach healthcare networks. Earlier this year, OCR published voluntary HPH sector cybersecurity performance goals (HPH-CPGs) and is encouraging all healthcare organizations to adopt the HPH-CPGs. The HPH-CPGs consist of high-impact cybersecurity practices that should be prioritized to strengthen cyber preparedness, improve cyber resiliency, and ultimately protect patient health information and safety. Sen. Mark Warner does not believe that these will be enough to improve cybersecurity sufficiently across the sector and recently wrote to the HHS Secretary and Deputy National Security Advisor urging them to quickly develop minimum cybersecurity standards for the healthcare sector.


