Protecting Americans’ health data and strengthening cybersecurity protections across the healthcare sector are the focus of a bill introduced Friday by a bipartisan group of four senators.
of Healthcare Cybersecurity and Resiliency Act of 2024 (S.5390) for one year for Sen. Bill Cassidy (R-La.), Sen. Maggie Hassan (Den.), Sen. John Cornyn (R-Texas), and Sen. Mark Warner (Va.). This is the culmination of many years of efforts. Working group formed in November 2023 Investigating cyber issues in healthcare.
Under the Senate Health, Education, Labor and Pensions Committee, senators will address the Department of Health and Human Services’ alarming statistics that the health information of 89 million Americans, more than twice that number, was compromised last year. was aiming for. Like in 2022.
“In an increasingly digital world, protecting Americans’ health data is essential,” Cornyn said. stated in a statement. “This common sense legislation would modernize healthcare cybersecurity practices, strengthen government coordination, and provide local healthcare providers with tools to prevent and respond to cyberattacks. Sho.”
Cassidy said: “Cyberattacks against the healthcare sector not only put patients’ sensitive medical data at risk but can also delay life-saving care. This bipartisan legislation will protect healthcare organizations from increasing cyber threats to Americans’ health data. will be able to protect you.”
The bill begins by strengthening collaboration between HHS and the Cybersecurity and Infrastructure Security Agency, and includes additional communications to help agencies better protect and respond to cyberattacks in the healthcare sector. promote.
It also requires the HHS Secretary to develop and implement a cyber incident response plan within one year of enactment. The bill specifies that the plan should be developed in consultation with the directors of CISA, the Office of Management and Budget, and the National Institute of Standards and Technology.
There are also calls to modernize current regulations related to the Health Insurance Portability and Accountability Act and ensure that HIPAA-covered entities are following cyber best practices.
Other measures in the bill include providing grants to providers to improve their cyberattack prevention and response protocols, conducting training sessions on cyber best practices for healthcare providers, and collaborating with federal agencies on breach prevention. This includes support for local clinics. Resilience and other mitigation strategies.
“Cyberattacks in the healthcare sector can have a wide range of devastating consequences, from leaking personal medical information to disrupting care in the ER, especially for rural healthcare providers with fewer resources. Preventing and responding to these attacks can be difficult,” Hassan said in a statement. “Our bipartisan working group came together to develop this bill based on the most pressing needs for health care providers and patients, and I urge my colleagues to support this bill. ”
Earlier this year, Warner and U.S. Sen. Ron Wyden (D-Ore.) launched a campaign against providers, health plans, and connected entities in response to the February ransomware attack on UnitedHealth Group Inc.’s Change Healthcare. Introduced legislation to create mandatory minimum cybersecurity standards. Payment processor.
The breach affected a record 100 million Americans, and Change Healthcare’s chief information security officer said the company was forced to “start from scratch” with its IT systems.
“Cyberattacks against health care systems and organizations not only threaten personal and sensitive information, but even the slightest disruption can be life-or-death,” Warner said of the new bill. “I am proud to introduce this bipartisan bill that will strengthen our cybersecurity and better protect our patients.”
