Reps. Jason Crow, D-Colo., Brian Fitzpatrick, R-Penn., and Andy Kim, D-N.J., this week introduced the Healthcare Cybersecurity Act to require the Cybersecurity and Infrastructure Security Agency (CISA) to coordinate with the Department of Health and Human Services (HHS) on improving cybersecurity activities.
The bipartisan Senate companion bill was introduced last month by Sens. Jacky Rosen, D-Nev., Todd Young, R-Ind., and Angus King, I-Maine.
“Hospitals and health centers are fundamental pillars of our nation’s infrastructure. With the alarming rise in malicious cyberattacks causing critical data breaches, increased healthcare costs, and jeopardized patient health, we cannot delay action in addressing this issue. By providing new resources for cybersecurity risk training and fortifying our cybersecurity protections nationwide, our bipartisan legislation takes decisive action to safeguard our healthcare systems and protect lives,” said Rep. Fitzpatrick.
The Healthcare Cybersecurity Act follows the February ransomware attack on Change Healthcare, a subsidiary of the UnitedHealth Group.
The lawmakers said the cyberattack that paralyzed the largest healthcare payment system in the country highlighted “the lack of preparation and training during the recovery process.”
The bill would create a special liaison to HHS within CISA to coordinate during cybersecurity incidents and collaborate to support health care and public health sector entities. The Healthcare Cybersecurity Act would also make resources available to non-Federal entities relating to cyber threat indicators and appropriate defense measures.
“As data breaches and other cyber threats target more and more people each year, Americans deserve to know their healthcare information is going to be protected,” said Rep. Kim. “I am proud to help introduce this bipartisan legislation to address vulnerabilities to cyber attacks in the healthcare industry and help make sure providers on the ground have the tools and updated resources they need to protect patients and their information from any future breaches.”
The Healthcare Cybersecurity Act – which was first introduced by Sen. Rosen last Congress but never made it out of committee – was sent to the full Senate for consideration ahead of the August recess.
The House version of the bill was referred to the Committee on Homeland Security and the Committee on Energy and Commerce on Aug. 27.