Senators are introducing a bipartisan bill to strengthen healthcare cybersecurity
A quartet of U.S. senators from both sides of the aisle have introduced new legislation aimed at helping healthcare organizations weather the onslaught of ransomware and other cyberattacks.
WHY IT’S IMPORTANT
The new bill, the Health Care Cybersecurity and Resiliency Act of 2024, was introduced by HELP Committee member Dr. Bill Cassidy, R-Louisiana, along with Sen. Mark Warner, D-Virginia; John Cornyn, R-Texas; and Maggie Hassan, D-New Hampshire.
“This bipartisan legislation ensures healthcare organizations can protect Americans’ health data from increasing cyber threats,” Cassidy said in a news release.
All of these senators are members of a working group on healthcare cybersecurity that was formed a year ago on Capitol Hill, and the provisions of this legislation emerge from their discussions there.
Among other requirements, the Cybersecurity and Resiliency Act would provide grants to healthcare organizations to help them strengthen their ability to prevent and respond to cyberattacks, in addition to funding training to promote cybersecurity best practices.
The grants would specifically target underserved communities to help rural health clinics and other providers improve basic cyber hygiene, increase resiliency, and improve coordination with federal agencies.
The bill also calls for better coordination between the Department of Health and Human Services and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to better respond to healthcare cybersecurity needs.
On the policy front, the bill would call for updates and modernization of existing regulations for HIPAA covered entities — requiring them and their business associates to adhere to certain basic standards and “use modern, up-to-date cybersecurity practices” — and would require the U.S. Secretary of Health and Human Services to develop and implement a cybersecurity incident response plan.
THE BIG TREND
Cassidy, Warner, Cornyn, and Hassan convened the Senate cybersecurity working group in November 2023 in response to the “disturbing increase in cyberattacks” on healthcare organizations, as Cassidy said at the time, noting that in 2023 a then-record 89 million Americans had their health information compromised — twice as many as the year before.
These attacks cost an average of $10 million per breach. Worse, they can often disrupt care delivery for days or even weeks, posing significant risks to patient safety.
“Cyber attacks on our healthcare systems and organizations not only threaten personal and sensitive information, but even the briefest interruption can have lifelong consequences,” Warner said. “I am proud to introduce this bipartisan legislation that will strengthen our cybersecurity and better protect patients.”
Rural hospitals, which lack adequate resources and staff, are particularly vulnerable. (The White House, along with major tech giants Google and Microsoft, has offered funding and expertise to help them.)
As the ongoing scourge of healthcare cyberattacks reaches “epidemic proportions,” federal leaders are calling for increased public-private partnerships and layered defense approaches to help healthcare systems strengthen and stabilize their security posture and improve their response capabilities.
Meanwhile, other legislation has been proposed in response to the cybersecurity crisis. Earlier this fall, Warner, along with Sen. Ron Wyden, D-Oregon, unveiled a separate Finance Committee bill, the Health Infrastructure Security and Accountability Act, that would also increase funding to rural and underserved hospitals to help them comply with certain mandatory cybersecurity protocols.
ON THE RECORD
“Cyberattacks in healthcare can have a wide range of devastating consequences, from exposing private medical information to disrupting care in emergency rooms – and it can be particularly difficult for medical providers in rural communities with fewer resources to prevent these attacks and respond to them,” Hassan said in a statement. “Our bipartisan working group came together to develop this legislation based on the most pressing needs for medical providers and patients, and I urge my colleagues to support it.”
“In an increasingly digital world, it is essential that America’s healthcare data is protected,” said Cornyn. “This common-sense legislation would modernize our healthcare facilities’ cybersecurity practices, increase agency coordination, and provide tools for rural providers to prevent and respond to cyberattacks.”
Mike Miliard is editor-in-chief of Healthcare IT News
Email the writer: mike.miliard@himssmedia.com
Healthcare IT News is a HIMSS publication.