Senators Introduce Bill to Strengthen Cybersecurity in Healthcare

On March 23, U.S. Senators Bill Cassidy, M.D. (R-LA) and Jacky Rosen (D-NV) introduced the Healthcare Cybersecurity Act. The act aims to direct the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to work together on how to improve cybersecurity processes in hospitals and health systems.

A press release on the bill states that “In 2021, 46 million Americans had their health information breached as a result of a cyberattack, a threefold increase in three years. Cassidy and Rosen are both members of the Senate Health, Education, Labor and Pensions (HELP) Committee.”

That said, “The bill would:

• Require CISA and HHS to collaborate, including by entering into an agreement, to improve cybersecurity in the Healthcare and Public Health sector, as defined by CISA.
• Authorize cybersecurity training to Healthcare and Public Health sector asset owners and operators on cybersecurity risks and ways to mitigate them.
• Require CISA to conduct a study on specific cybersecurity risks facing the Healthcare and Public Health Sector, including an analysis of how cybersecurity risks specifically impact health care assets, an evaluation of the challenges health care assets face in securing updated information systems, and an assessment of relevant cybersecurity workforce shortages.”

Cassidy was quoted in the release saying that “Health centers save lives and hold a lot of sensitive, personal information. This makes them a prime target for cyberattacks. This bill protects patients’ data and public health by strengthening our resilience to cyber warfare.”

“In light of the threat of Russian cyberattacks, we must take proactive steps to enhance the cybersecurity of our healthcare and public health entities,” adds Rosen. “Hospitals and health centers are part of our critical infrastructure and increasingly the targets of malicious cyberattacks, which can result in data breaches, the cost of care being driven up, and negative patient health outcomes. This bipartisan bill will help strengthen cybersecurity protections and protect lives.”

Cyber incidents are certainly not slowing down, especially in the healthcare sector. Just last week, we reported that the Hive Ransomware group, which was first observed in June of 2021 and known to target healthcare organizations, had stolen 850,000 PII records from the Partnership HealthPlan of California.