Senate Committee Advances Rural Hospital Cybersecurity Enhancement Act
The Senate Homeland Security and Governmental Affairs Committee has advanced a bill that seeks to address the current shortage of cybersecurity skills in rural hospitals, which are increasingly targeted by cybercriminals. Rural hospitals do not have the resources available to invest in cybersecurity and struggle to recruit skilled cybersecurity professionals and, as such, are seen as soft targets by cybercriminals.
The Rural Hospital Cybersecurity Enhancement Act, which was introduced by Sen. Josh Hawley (R-MO) and co-sponsored by Sens. Gary Peters (D-MI) and Jon Ossoff (D-GA), calls for the development of a comprehensive rural hospital cybersecurity workforce development strategy to address the current shortage of cybersecurity staff at rural hospitals. The Rural Hospital Cybersecurity Enhancement Act requires the Secretary of the Department of Homeland Security to develop a comprehensive rural hospital cybersecurity workforce development strategy to address the growing need for skilled cybersecurity professionals in rural hospitals within a year of enactment of the act.
When developing the cybersecurity workforce development strategy, the Secretary should consider partnerships between rural hospitals, private sector entities, educational institutions, and non-profits to expand cybersecurity education and training programs tailored to the needs of rural hospitals, the development of a cybersecurity curriculum and teaching resources for rural educational institutions, and make recommendations for legislation, rulemaking, and/or guidance for implementing the strategy.
Rural hospitals are operating under increasing financial pressure and lack the necessary funding for cybersecurity. Currently, few rural hospitals have dedicated cybersecurity workers and IT staff are generally in short supply and overworked. Cybersecurity positions in rural hospitals typically have low remuneration, and the lack of funding means individuals who take on cybersecurity roles do not have access to the latest cybersecurity tools that would be at their disposal in other positions. The global shortage of skilled cybersecurity professionals is unlikely to be resolved in the short to medium term, so the aim of the bill is to address the shortage through teaching programs at rural educational institutions and developing rural hospital workforces through education on fundamental aspects of cybersecurity.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Sen. Rand Paul (R-TX) tabled an amendment to the original bill, stipulating that CISA should not ask for additional funds for the proposed measures, and the amended bill will now head to the Senate floor for a vote. The advancement of the Rural Hospital Cybersecurity Enhancement Act occurred a few days after the announcement that a rural hospital in Illinois will permanently close on June 16, 2023, due, in part, to the financial pressures caused by a ransomware attack.
“I am encouraged Congress is taking bipartisan action to shore up the ability of small-town hospitals to defend themselves from cyberattacks,” said Senator Hawley. “We must continue working diligently to improve cybersecurity preparedness in rural hospitals to both protect the sensitive medical and personal data of American patients and defend our national security.”
