Bipartisan Bill Seeks to Strengthen Health Care Cybersecurity Amid Rising Threats

In a significant move to bolster health care cybersecurity, a bipartisan bill has been introduced in the Senate, calling for updated HIPAA regulations and financial support for low-resourced health care organizations, according to an article in The HIPAA Journal.

The bill, introduced by Senators Bill Cassidy (R-LA), Mark Warner (D-VA), John Cornyn (R-TX), and Maggie Hassan (D-NH), is the result of a cybersecurity working group formed in 2023. The group was established in response to the alarming rise in cyberattacks and ransomware incidents targeting the health care industry. These attacks disrupt vital health care operations, delay life-saving care, and compromise sensitive patient data.

“In an increasingly digital world, it is essential that Americans’ health care data is protected,” said Senator Cornyn. He emphasized that the legislation would update cybersecurity practices, enhance federal coordination, and equip rural providers with tools to prevent and respond to cyberattacks.

The proposed legislation includes grants to support health care organizations, particularly those with limited resources, in adopting cybersecurity best practices. It calls for the Department of Health and Human Services (HHS) to work closely with the Cybersecurity and Infrastructure Security Agency (CISA) to improve responses to cyber threats. Key provisions include developing a cybersecurity incident response plan, updating the Office for Civil Rights (OCR) breach portal, and modernizing HIPAA regulations to include measures such as multifactor authentication, penetration testing, and regular security audits.

The HHS is also preparing to propose updates to the HIPAA Security Rule, currently under review by the White House. These updates are expected to include substantial cybersecurity enhancements and are anticipated to be released by the end of the year.

The Health Care Cybersecurity Resiliency Act builds on earlier legislative efforts, such as the Health Infrastructure Security and Accountability Act (HISAA), which was introduced after a ransomware attack on Change Healthcare exposed the data of 100 million Americans.

As bipartisan support for these measures grows, the health care sector could see significant advancements in its ability to protect against evolving cyber threats and ensure continuity of care for patients nationwide.

Reference

The HIPAA Journal. Bipartisan Senate bill seeks to strengthen healthcare cybersecurity. Published November 26, 2024. Accessed December 12, 2024. https://www.hipaajournal.com/bipartisan-healthcare-cybersecurity-resiliency-act-2024/