The new act, a companion to an act introduced to the Senate, hopes to improve healthcare cybersecurity by increasing government partnerships and more.
Lawmakers have recently introduced the Healthcare Cybersecurity Act in the House of Representatives. The act, led by Jason Crow (C-Colo.), Brian Fitzpatrick (R-Pa.), and Andy Kim (D-N.J.), aims to encourage collaboration between the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA). The bill will also make cyberthreat defense resources available to nonfederal entities.
The act comes after the Change Healthcare attack that sent shockwaves down the healthcare sector and beyond. The massive breach, estimated to impact one-third of Americans, showed the vulnerability and interconnectivity among healthcare organizations and their associates.
Lawmakers further emphasized the act’s necessity, citing a 2022 HHS report that found breaches of protected health information (PHI) had increased 107% since 2018.
If passed, the act would require the HHS and CISA to submit a report about their actions to improve cybersecurity in the healthcare sector.
“Hospitals and health centers are fundamental pillars of our nation’s infrastructure. With the alarming rise in malicious cyberattacks causing critical data breaches, increased healthcare costs, and jeopardized patient health, we cannot delay action in addressing this issue,” said Fitzpatrick. “By providing new resources for cybersecurity risk training and fortifying our cybersecurity protections nationwide, our bipartisan legislation takes decisive action to safeguard our healthcare systems and protect lives,” he added.
Angus King (I-Me.), one of the senators who introduced the Senate companion bill said, “These attacks and breaches of data can literally mean the difference between life and death for patients, significantly impact hospital operations, and–with the average hack costing millions to address–increase healthcare prices across the board.”
If passed, the bill should increase cybersecurity risk training and improve coordination efforts between CISA and the HHS, allowing for more communication and collaboration during cybersecurity incidents.
Major attacks like the Change Healthcare breach, and now the National Public Data breach, point to the prevalence and severity of cyberattacks. While these attacks aren’t new, they are becoming more damaging, especially as healthcare organizations continue to rely on associates for many tasks, including administrative, insurance, operational, and more.
While the passage of the act may not put an immediate stop to attacks, it could make organizations better equipped to handle emerging cyber threats.