Bipartisan Legislation Seeks Stronger Healthcare Cybersecurity

US senators introduce new legislation to protect health data and strengthen the cybersecurity of the country’s healthcare sector.

US senators Bill Cassidy (R-LA), Mark Warner (D-VA), John Cornyn (R-TX), and Maggie Hassan (D-NH) have introduced a bipartisan bill seeking stronger cybersecurity in the healthcare sector and the protection of health data.

The Health Care Cybersecurity and Resiliency Act of 2024 (PDF) calls for updated Health Insurance Portability and Accountability Act (HIPAA) regulations and for financial aid for low-resourced entities to improve cybersecurity across the healthcare sector.

Per the bill, the Department of Health and Human Services (HHS) will coordinate with the US cybersecurity agency CISA to strengthen the sector’s cybersecurity stance through information sharing and the development of products tailored for healthcare organizations.

The legislation also dictates that the HHS secretary, in coordination with CISA, will provide training to health and public health sector asset owners and operators, promoting cybersecurity literacy and expertise.

Within one year of the bill’s enactment, the HHS secretary will be required to develop and implement a cybersecurity incident response plan ensuring that public and private entities are prepared for and can properly respond to cybersecurity incidents.

Additionally, the bill directs the HHS secretary to promulgate updated regulations requiring entities in the healthcare sector that have experienced cybersecurity incidents to publicly share information on corrective actions and recognized security practices they have adopted.

The Health Care Cybersecurity and Resiliency Act of 2024 also requires that all covered entities and their business partners disclose the number of individuals potentially affected by a cybersecurity incident.

The bill also dictates that rural entities and rural health clinics will be provided with guidance on security best practices, and that eligible entities will receive grants enabling them to adopt and use cybersecurity best practices.

“Eligible entities include: hospitals, cancer centers, rural health clinics, health facilities operated by the Indian Health Service, academic health centers, or a nonprofit entity that enters into a partnership with an eligible entity,” reads a section-by-section summary (PDF) of the bill.

The new legislation was introduced in response to an increase in cyberattacks, data breaches, and ransomware incidents across the healthcare sector, some of which caused massive disruptions, impacted millions of individuals’ personal information, and put patients’ lives at risk.

“Cyberattacks on our health care systems and organizations not only threaten personal and sensitive information, but can have life-and-death consequences with even the briefest period of interruption. I’m proud to introduce this bipartisan legislation that strengthens our cybersecurity and better protects patients,” Senator Warner said.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
