Senators introduce bipartisan Bill to strengthen healthcare cybersecurity

Four US senators introduced The Health Care Cybersecurity and Resiliency Act of 2024. The bipartisan bill will improve cybersecurity across healthcare organizations through grants and better federal coordination.

 

What happened

Senators Bill Cassidy, Mark Warner, John Cornyn, and Maggie Hassan introduced legislation to combat the growing threat of ransomware and other cyberattacks against healthcare organizations. The bill, spearheaded by the Senate Healthcare Cybersecurity Working Group, would provide grant funding for healthcare organizations, focusing on rural clinics and underserved providers.

The bill also requires an update of the current rules for HIPAA-covered entities to include modern cybersecurity standards, forcing HHS to create a thorough incident response plan. Better coordination would come from increased collaboration between HHS and CISA to address emerging threats.

 

The backstory

Cyberattacks on US healthcare organizations soared in 2023, compromising the data of 89 million Americans. These breaches cost an average of $10 million each and disrupted care delivery, sparking the formation of the Senate Healthcare Cybersecurity Working Group last year.

 

What was said

"Cyberattacks in the healthcare sector can have a wide range of devastating consequences," said Senator Hassan, emphasizing that the bill is centered on shoring up defenses among rural providers. Senator Cornyn referred to the legislation as "commonsense" and noted that it modernizes cybersecurity practices and improves interagency efforts. 

Senator Warner warned that attacks expose sensitive information and risk patient safety during service disruptions. 

Additionally, Senator Cassidy stated that covered entities must "safeguard Americans’ health data against increasing cyber threats."

 

By the numbers

  • 89 million: Number of Americans affected by healthcare cyberattacks in 2023 (twice the number recorded in 2022).
  • $10 million: Average cost of a healthcare data breach.  

 

Why it matters  

Healthcare remains a prime target for cyberattacks, with organizations often struggling to maintain adequate cybersecurity defenses. By prioritizing underserved communities and modernizing cybersecurity policies, the bill could address critical vulnerabilities and reduce the risk of operational disruptions, data theft, and patient harm.

 

The bottom line

Policymakers and healthcare providers must embrace collaboration and innovation to mitigate the escalating cybersecurity crisis.


 

FAQs

Who needs to comply with HIPAA?

HIPAA compliance is required for covered entities, such as healthcare providers, health plans, and healthcare clearinghouses, as well as their business associates who handle protected health information (PHI).

 

What is a data breach?

A breach occurs when an unauthorized party accesses, uses, or discloses protected health information (PHI) without permission. Breaches include hacking, losing a device containing PHI, or sharing information with unauthorized individuals.

 

How can healthcare organizations prevent data breaches?

Healthcare organizations can reduce the risk of data breaches by implementing strong cybersecurity measures, conducting regular security training for employees, and using encryption to protect sensitive data.
