March 23, 2022

Cassidy, Rosen Introduce Bill to Improve Cybersecurity in Medical Industry

WASHINGTON – U.S. Senators Bill Cassidy, M.D. (R-LA) and Jacky Rosen (D-NV) introduced the Healthcare Cybersecurity Act, which would direct the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to collaborate on how to improve cybersecurity measures in hospitals and other healthcare centers. In 2021, 46 million Americans had their health information breached as a result of a cyberattack, a threefold increase in three years. Cassidy and Rosen are both members of the Senate Health, Education, Labor and Pensions (HELP) Committee. 

“Health centers save lives and hold a lot of sensitive, personal information. This makes them a prime target for cyber-attacks,” said Dr. Cassidy. “This bill protects patients’ data and public health by strengthening our resilience to cyber warfare.”

“In light of the threat of Russian cyberattacks, we must take proactive steps to enhance the cybersecurity of our healthcare and public health entities,” said Senator Rosen. “Hospitals and health centers are part of our critical infrastructure and increasingly the targets of malicious cyberattacks, which can result in data breaches, the cost of care being driven up, and negative patient health outcomes. This bipartisan bill will help strengthen cybersecurity protections and protect lives.”

The bill would:

  • Require CISA and HHS to collaborate, including by entering into an agreement, to improve cybersecurity in the Healthcare and Public Health sector, as defined by CISA.
  • Authorize cybersecurity training to Healthcare and Public Health sector asset owners and operators on cybersecurity risks and ways to mitigate them. 
  • Require CISA to conduct a study on specific cybersecurity risks facing the Healthcare and Public Health Sector, including an analysis of how cybersecurity risks specifically impact health care assets, an evaluation of the challenges health care assets face in securing updated information systems, and an assessment of relevant cybersecurity workforce shortages.