Nevada Democratic Sen. Jacky Rosen and Republican Louisiana Sen. Bill Cassidy plan to introduce bipartisan legislation today aimed at protecting hospitals and the health care sector from potential Russian cyberattacks.
The Healthcare Cybersecurity Act would direct the Cybersecurity and Infrastructure Security Agency to collaborate with the Department of Health and Human Services to bolster cybersecurity in the health care and public health sector, according to Rosen’s office.
“Hospitals and health centers are part of our critical infrastructure and increasingly the targets of malicious cyberattacks, which can result in data breaches, the cost of care being driven up, and negative patient health outcomes,” Rosen said in a statement. “This bipartisan bill will help strengthen cybersecurity protections and protect lives.”
The bill’s introduction comes after President Joe Biden and his administration earlier this week urged American companies to take immediate action to harden their cyber defenses “based on evolving intelligence that the Russian government is exploring options for potential cyberattacks.” According to a new POLITICO analysis of Health and Human Services data, nearly 50 million people in the U.S. had their sensitive health data breached in 2021, a threefold increase in just the last three years.
In addition to requiring collaboration between the federal agencies, the legislation would authorize cybersecurity training for healthcare and public health care entities on cybersecurity risks and ways to mitigate them.
It also would require the Cybersecurity and Infrastructure Security Agency to conduct a detailed study of specific risks and their impacts, challenges in updating information systems and cybersecurity workforce shortages.
The bill does not authorize any additional funding to implement these measures, said Joe Bush, Rosen’s press secretary.
The legislation was welcomed by Mason Van Houweling, CEO of University Medical Center in central Las Vegas.
“As a recent victim of a cybersecurity attack, we understand the importance of collaborating with various agencies to safeguard valuable information through education, mitigation and additional resources,” he said.
In June of last year, UMC confirmed a criminal data breach after a notorious hacker group began posting personal information purportedly obtained in a cyberattack.
UMC acknowledged that cybercriminals had accessed a server used to store data, including protected health information.
Universal Health Services, which operates Valley Health System hospitals in Southern Nevada, said it had shut down its computer networks across the U.S. following a cyberattack on Sept. 27, 2020. It was two weeks before the computer networks were restored.
“Health centers save lives and hold a lot of sensitive, personal information. This makes them a prime target for cyber-attacks,” said Cassidy, the Louisiana senator and a physician. “This bill protects patients’ data and public health by strengthening our resilience to cyber warfare.”
This is a developing story. Check back for updates.
Contact Mary Hynes at email@example.com or 702-383-0336. Follow @MaryHynes1 on Twitter.