Bipartisan Healthcare Cybersecurity Act On the Move

As healthcare providers and ancillary human services face growing challenges in cybersecurity, the federal government sees a time to act. In the past year, cybersecurity attacks have crippled some healthcare organizations. Ascension Health, one of the largest nonprofit healthcare providers in the U.S., scrambled to adapt after a significant cyber event. The event, reported to the Department of Health and Human Services Office for Civil as a ransomware breach, left Ascension without some critical systems for more than three weeks. Change Healthcare’s data breach this past spring threatened provider livelihood, especially in already underserved markets, as they could not get timely reimbursement for their services. Legislators on both sides of the aisle have had enough.

In July, a group of bipartisan senators introduced the Healthcare Cybersecurity Act of 2024. This bipartisan bill has passed some procedural measures, including clearing the Senate Homeland Security and Governmental Affairs Committee with a vote of 10-1. It now awaits a full Senate vote. The House of Representatives appears to be on board and in collaboration as well. Three bipartisan members of Congress introduced a companion bill in the house in late July. The companion House bill requires review by both the Homeland Security and Energy and Commerce committees before moving forward.

Arguably, much of the new bill would be redundant to current HIPAA Security Rule requirements. But it sends a message that the federal government expects better security performance, cybersecurity infrastructure and enforcement in the healthcare industry.

Briefly, the Healthcare Act would establish a special liaison within the Cybersecurity and Infrastructure Security Agency (CISA) for the healthcare sector. That role would aid in the federal response to significant healthcare cybersecurity attacks. On a related note, the bill requires the new CISA liaison to submit a report to Congress and give the HHS Department cybersecurity plans. However, the House bill doesn’t provide additional funding to healthcare organizations to better address emerging cybersecurity risks, training and appropriate defense measures.

In the meantime, this still leaves these organizations in the healthcare sector struggling to keep up often with manual processes that do not scale as the organization changes and aren’t current with the latest regulatory updates, including NIST, which surfaces the need for a cost-efficient solution to monitor, assess and track escalating threats.

However, the introduction of this bipartisan legislation is, indeed, a critical step toward fortifying our healthcare infrastructure and strengthening cybersecurity measures across the sector. By addressing these urgent needs, the Healthcare Cybersecurity Act of 2024 aims to provide a more robust defense against healthcare cyberattacks and escalating threats, ensuring patient safety and that healthcare providers can continue to operate securely in an increasingly digital world.