Senators introduce bipartisan bill to strengthen cybersecurity protections

A group of US Senators from both sides of the aisle have introduced new legislation aimed at helping healthcare organizations withstand ransomware and other cyberattacks.

WHY IT’S IMPORTANT
The new bill, The Health Care Cybersecurity and Resiliency Act of 2024, was introduced by HELP Committee ranking member Dr. Bill Cassidy, R-La., along with Sens. Mark Warner, D-Va., John Cornyn, R-Texas, and Maggie Hassan, DN.H.

“This bipartisan legislation ensures that healthcare institutions can protect Americans’ health information against the growing threat of cyber threats,” Cassidy said in a press release.

All of those senators are members of the health care task force that was formed on Capitol Hill last year, and the provisions of this legislation appear in their discussions there.

Among other requirements, the Cybersecurity and Resiliency Act will provide grants to health care organizations to help them improve their ability to prevent and respond to cyberattacks, in addition to funding training to help promote cybersecurity best practices.

In particular, grants would be directed to communities in need, helping rural health clinics and other providers to improve network hygiene, strengthen stability and improve cooperation with federal agencies.

The bill also calls for better collaboration between the Department of Health and Human Services and the Cybersecurity Agency of the Department of Homeland Security and Infrastructure to better respond to cybersecurity oversight needs.

On the policy front, the act would require revisions and revisions to existing regulations governing HIPAA-covered entities — requiring them and their business partners to adhere to certain core standards and “use modern practices.” now of cybersecurity – and will require the US Secretary of Health and Human Services to develop and implement a cybersecurity incident response plan.

A HUGE MAN
Cassidy, Warner, Cornyn and Hassan convened the Senate Health Care Cybersecurity Working Group in January 2023 to respond to the “alarming increase in cyberattacks” on health care organizations, as Cassidy put it at the time, noting that at that time 89 million Americans saw their condition. health information breached by 2023 – twice as many as last year.

Those attacks cost $10 million per breach, on average. Worse, they can often disrupt the delivery of care for days or weeks, posing significant risks to patient safety.

“Cyberattas’ attacks on our healthcare systems and organizations not only threaten personal information, but can have life-and-death consequences in a short period of disruption,” Warner said. “I am proud to introduce this bipartisan legislation that strengthens our cybersecurity and better protects patients.”

Rural hospitals, with limited resources and understaffed, are particularly vulnerable. (The White House, along with Big Tech giants Google and Microsoft, have provided funding and expertise to help them.)

As the ongoing crisis of cyberattacks reaches “epidemic proportions,” government leaders are advocating for increased public-private partnerships and limited security measures to help organizations health operations to strengthen and stabilize their defense positions and improve their response.

Meanwhile, other laws have been introduced to respond to the cybersecurity crisis. Earlier this fall, Warner, along with Sen. Ron Wyden, D-Ore., introduced a separate bill in the Finance Committee, the Health Insurance Portability and Accountability Act, which would increase funding for rural and underserved hospitals to help them achieve certain prescribed protection. regulations.

ADD TO CANCEL
“Cyberattas attacks in the health care sector can have many devastating consequences, from exposing personal medical information to disrupting care in ERs – and it can be especially difficult for medical providers in rural areas. have limited resources to prevent and respond to these attacks,” Hassan said in a statement. “Our bipartisan task force came together to advance this legislation based on the most pressing needs of healthcare providers and patients, and I encourage my colleagues to support it. “

“In an increasingly digital world, it is imperative that Americans’ health data be protected,” added Cornyn. “This commonsense legislation would improve the cybersecurity practices of our healthcare facilities, increase agency collaboration, and provide tools to rural providers to prevent and respond to cyber attacks.”

Mike Miliard is the managing editor of Healthcare IT News
Email: mike.miliard@himssmedia.com
Healthcare IT News is a publication of HIMSS.