A bipartisan bill introduced by Senators Angus King of Maine and Marco Rubio of Florida aims to promote cybersecurity within the U.S. Department of Health and Human Services (HHS) in response to the escalating number of cyberattacks on the healthcare sector. The bill, known as the Strengthening Cybersecurity in Health Care Act, seeks to address and improve the current cybersecurity practices within HHS, particularly considering the sensitive data managed by the department, which includes information related to 65 million Medicare patients.

In light of the dramatic increase in cyber threats and attacks on healthcare systems during the COVID-19 pandemic, the proposed legislation would mandate that HHS conduct cybersecurity evaluations and tests on its IT systems every two years. Additionally, the bill requires HHS to report to Congress on its efforts to update its cybersecurity strategy and how it is adapting to the ever-evolving landscape of cyber threats.

Sen. King emphasized the importance of consistent evaluations in light of growing cyber threats, highlighting the need to provide lifeline support to medical professionals treating patients. Meanwhile, Sen. Rubio highlighted the significant rise in cyberattacks on healthcare systems since the start of the pandemic and underscored the importance of protecting sensitive information and ensuring peace of mind for the American people during these challenging times.

In 2023, healthcare organizations reported a record-breaking 734 breaches, which affected approximately 135.3 million individuals. This surge in cyberattacks underscores the critical need for stronger cybersecurity measures within healthcare and related organizations. With the introduction of the Strengthening Cybersecurity in Health Care Act, federal lawmakers are taking concrete steps to address these escalating threats and provide enhanced protection for sensitive patient information.

The proposed bill outlines specific requirements for the HHS Office of Inspector General to evaluate the department’s cybersecurity practices and protocols every two years. This evaluation process includes conducting penetration and other tests to identify vulnerabilities in systems processing, transmitting, or storing sensitive patient data, such as Medicare beneficiary information. The bill also calls for regular reports to Congress on HHS’s cybersecurity practices and protocols, with an emphasis on the department’s ability to adapt to the latest cyber threats.

The legislation would strengthen the current requirements outlined in the Federal Information Security Modernization Act by explicitly mandating penetration and other security testing of HHS IT systems. The bill aims to complement the existing FISMA requirement by enhancing transparency and accountability in the evaluation of the department’s cybersecurity systems.

The introduction of the Strengthening Cybersecurity in Health Care Act is part of a broader congressional effort to address the escalating cybersecurity threats facing the healthcare sector. Other recent legislative initiatives include the formation of a bipartisan Senate working group focused on improving cybersecurity in healthcare, as well as the approval of the Rural Hospital Cybersecurity Enhancement Act, designed to assist rural hospitals in addressing cybersecurity personnel shortages.

The Biden administration has also made cybersecurity in the healthcare sector a priority, unveiling a concept paper outlining a strategy for enhancing cybersecurity and issuing guidance for implementing voluntary cybersecurity performance goals for healthcare entities.

Overall, the bipartisan effort to strengthen cybersecurity in the healthcare sector reflects a recognition of the urgent need to safeguard sensitive patient information and protect critical healthcare infrastructure from increasing cyber threats. With the introduction of the Strengthening Cybersecurity in Health Care Act, federal lawmakers are taking proactive steps to enhance the security posture of the U.S. Department of Health and Human Services, ultimately aiming to ensure the safety and well-being of patients and healthcare professionals across the nation.

Source link