New Senate Bill seeks to strengthen healthcare cybersecurity
Tshedimoso Makhene December 05, 2024
A bipartisan group of U.S. senators has introduced the Health Care Cybersecurity and Resiliency Act of 2024, which seeks to bolster cybersecurity in healthcare, update HIPAA regulations, tackle vulnerabilities faced by rural healthcare providers, and enhance collaboration between HHS and CISA.
What happened
U.S. Senators Bill Cassidy (R-La.), Mark Warner (D-Va.), John Cornyn (R-Texas), and Maggie Hassan (D-N.H.) introduced the Health Care Cybersecurity and Resiliency Act of 2024 to strengthen healthcare cybersecurity, modernize the Health Insurance Portability and Accountability Act (HIPAA), and improve coordination between the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA). The legislation is the result of a bipartisan working group focused on addressing the growing challenges of cybersecurity within the healthcare sector.
Going deeper
The Health Care Cybersecurity and Resiliency Act of 2024 is a product of the Senate Healthcare Cybersecurity Working Group, formed in November 2023. The group’s primary objective was to identify legislative solutions for the increasing cyber threats facing healthcare institutions. With healthcare data becoming an increasingly attractive target for cybercriminals, the bill proposes a comprehensive approach to bolster cybersecurity within the sector, particularly focusing on improved coordination between HHS and CISA.
The legislation requires HHS and CISA to work more closely to share cyber threat information and enhance response efforts during cyberattacks. It also requires that HHS develop a cybersecurity incident response plan and provide guidance on recognized security practices under the Consolidated Appropriations Act of 2021. Additionally, the act would require updates to HIPAA to incorporate modern cybersecurity practices that align with the evolving digital landscape.
A notable provision of the bill addresses rural healthcare cybersecurity challenges. If passed, the act would require HHS to provide specific guidance to rural healthcare providers on breach prevention and how to coordinate with federal agencies to enhance resilience. Furthermore, it would allow HHS to offer grants to encourage the adoption of cybersecurity best practices among healthcare entities.
What was said
According to TechTarget, Senator John Cornyn emphasized the bill's importance in protecting healthcare data, stating: "In an increasingly digital world, it is essential that Americans' healthcare data is protected. This commonsense legislation would modernize our healthcare institutions' cybersecurity practices, increase agency coordination, and provide tools for rural providers to prevent and respond to cyberattacks."
Senator Bill Cassidy also underscored the need for a robust cybersecurity framework in healthcare, noting: "We know that cyberattacks on healthcare institutions can have devastating consequences, not just for organizations but for patients whose data is at risk. This bill provides the necessary tools to ensure healthcare systems are resilient against these growing threats."
Senator Mark Warner stressed the bipartisan nature of the bill, saying: "Cybersecurity in healthcare is not a partisan issue—it's a national security issue. This bipartisan legislation represents a collaborative effort to protect the healthcare sector from the evolving threats we face in the digital age."
Why it matters
The bill aims to modernize the sector’s cybersecurity infrastructure, enhance federal coordination, and offer support to rural providers. If passed, the bill would strengthen protections for sensitive health data and provide healthcare entities with the tools needed to effectively respond to and prevent cyberattacks. With healthcare cybersecurity challenges continuing to evolve, this legislation may serve as a key foundation for safeguarding the digital health ecosystem in the future.
FAQs
What are the next steps for the bill?
If the bill is approved by Congress, it will be enacted into law and lead to significant improvements in healthcare cybersecurity practices, including enhanced agency coordination and better protections for sensitive healthcare data.
How does the bill help healthcare entities prepare for cyberattacks?
The bill requires HHS to develop a cybersecurity incident response plan, provide guidance on implementing recognized security practices, and create training programs in coordination with CISA to equip the healthcare workforce with cybersecurity skills.