Dive Brief:
- A group of bipartisan senators have introduced a bill that aims to boost cybersecurity in healthcare.
- The Healthcare Cybersecurity Act, sponsored by Sens. Jacky Rosen (D-Nev.), Todd Young (R-Ind.) and Angus King (I-Maine), would direct the Cybersecurity and Infrastructure Security Agency and the HHS to collaborate on improving cybersecurity in the sector and disseminate resources about cyber threat indicators and defense measures, according to a press release.
- The legislation would also create a special liaison to HHS within CISA that could help coordinate responses during cyberattacks.
Dive Insight:
The bill comes as the healthcare sector has faced growing cyber threats that could derail critical industry operations and impact patient safety.
Cyberattacks on hospitals can shut down key technology systems, like electronic health records, and push providers to cancel procedures or send ambulances to other facilities.
The industry has already experienced major cyberattacks this year. In a press release on the bill’s introduction, the senators pointed to the lingering impacts of the ransomware attack on technology firm and major medical claims processor Change Healthcare, which slowed work like payments to providers, prior authorization requests and eligibility checks for weeks.
The attack on Change may have exposed data of one-third of Americans, according to Andrew Witty, CEO of parent company UnitedHealth Group.
“These attacks and breaches of data can literally mean the difference between life and death for patients, significantly impact hospital operations, and — with the average hack costing millions to address — increase healthcare prices across the board,” King said in a statement.
Regulators and lawmakers have taken other steps that aim to improve cybersecurity in the sector. Rosen introduced similar legislation in 2022, and other legislators revealed a bill that would require the HHS to perform evaluations of its cyber systems earlier this year.
Another piece of legislation introduced this spring would offer advance and accelerated payments to providers in the wake of a cyber incident, as long as they and their vendors met minimum security standards.
The Biden administration has also weighed implementing cyber requirements. Early this year, the HHS released voluntary cybersecurity goals geared toward the healthcare sector, which would serve as a step toward enforceable standards.
The administration’s proposed budget for 2025 included funds for hospitals to boost their cyber preparedness, with eventual financial penalties if they fail to adopt protections.