A bipartisan group of senators introduced a new bill last week that would direct the Cybersecurity and Infrastructure Security Agency (CISA) to hire a special liaison to the Department of Health and Human Services (HHS) to coordinate during cybersecurity incidents.
The Healthcare Cybersecurity Act – introduced July 11 by Sens. Jacky Rosen, D-Nev., Todd Young, R-Ind., and Angus King, I-Maine – follows the February ransomware attack on Change Healthcare, a subsidiary of the UnitedHealth Group.
The senators said the cyberattack that paralyzed the largest healthcare payment system in the country highlighted “the lack of preparation and training during the recovery process.”
“The health care industry is still reeling from recent cyberattacks, and rural and small health care entities in Nevada have been particularly affected,” said Sen. Rosen. “It’s imperative that we take measures to improve cybersecurity in the health care sector to prevent data breaches … I’ll keep working to strengthen the cybersecurity of this critical sector and keep people safe from malicious actors.”
The Healthcare Cybersecurity Act would require CISA and HHS to collaborate on improving cybersecurity and make resources available to non-Federal entities relating to cyber threat indicators and appropriate defense measures. The bill would also create a special liaison to HHS within CISA to coordinate during cybersecurity incidents and collaborate to support health care and public health sector entities.
“These attacks and breaches of data can literally mean the difference between life and death for patients, significantly impact hospital operations, and – with the average hack costing millions to address – increase healthcare prices across the board,” Sen. King said. “The bipartisan Healthcare Cybersecurity Act will take important steps toward protecting patients’ data and healthcare provider capabilities, and bolstering our cybersecurity infrastructure and response.”
Sen. Rosen first introduced the Healthcare Cybersecurity Act in the last Congress in March 2022, but it never made it out of committee.
Several lawmakers have taken to legislation since the ransomware attack in February to address the lack of cybersecurity regulations in the healthcare sector, with Sen. Mark Warner, D-Va., introducing legislation that would provide financial incentives for healthcare providers to boost their cyber defense.
The White House Deputy National Security Advisor for Cyber and Emerging Tech Anne Neuberger said they are working on putting in place minimum cybersecurity requirements for the healthcare sector, but Sen. Ron Wyden, D-Ore., recently criticized the Biden administration’s timeline to implement healthcare cybersecurity regulations, saying that it is “not soon enough.”
