CISA
Critical infrastructure
Medical
News
Risk & Compliance
Threat Landscape

New bipartisan Healthcare Cybersecurity Act rolled out to bolster efforts in the sector

March 28, 2022
New bipartisan Healthcare Cybersecurity Act rolled out to bolster efforts in the sector

Two bipartisan U.S. senators have introduced the Healthcare Cybersecurity Act, which would direct the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to collaborate on how to improve cybersecurity measures across hospitals and healthcare networks operating in the healthcare and public health sector. 

Cyberattacks against these entities are increasing in frequency and severity, particularly because they hold large amounts of sensitive patient information and are perceived as vulnerable by malicious cybercriminals, U.S. Senators Jacky Rosen, a Democrat from Nevada, and Bill Cassidy, a Republican from Louisiana, observed in a recent statement. “Collaboration and information sharing between the public and private sectors is essential to increasing cyber resilience for health-focused entities,” they added.

The bipartisan Healthcare Cybersecurity Act would require the CISA and HHS to collaborate, including by entering into an agreement, to improve cybersecurity in the healthcare and public health sector, as defined by CISA. It will also authorize cybersecurity training to healthcare and public health sector asset owners and operators on cybersecurity risks and ways to mitigate them. 

The proposed act also calls upon the CISA to conduct a detailed study on specific cybersecurity risks facing the healthcare and public health sector, including an analysis of how cybersecurity risks specifically impact health care assets, an evaluation of the challenges health care assets face in securing updated information systems, and an assessment of relevant cybersecurity workforce shortages.

“In light of the threat of Russian cyberattacks, we must take proactive steps to enhance the cybersecurity of our healthcare and public health entities,” according to Senator Rosen. “Hospitals and health centers are part of our critical infrastructure and increasingly the targets of malicious cyberattacks, which can result in data breaches, the cost of care being driven up, and negative patient health outcomes. This bipartisan bill will help strengthen cybersecurity protections and protect lives,” she added.

“Health centers save lives and hold a lot of sensitive, personal information. This makes them a prime target for cyber-attacks,” Dr. Cassidy said. “This bill protects patients’ data and public health by strengthening our resilience to cyber warfare.”

“UMC supports the Healthcare Cybersecurity Act to further protect our patients’ private health care information,” according to Mason Van Houweling, CEO of the University Medical Center of Southern Nevada. “As a recent victim of a cybersecurity attack, we understand the importance of collaborating with various agencies to safeguard valuable information through education, mitigation and additional resources,” he added. 

Acknowledging Senator Rosen’s work to provide more visibility and standardization, and her support of health care cybersecurity, Steven Ramirez, MHA, MS, chief information security officer for Renown Health, said that “this policy will help the health care and public health sectors protect patient information across the country.”

The Healthcare Cybersecurity Act gains additional significance following U.S. President Joe Biden’s warning last week to critical infrastructure owners and operators to improve domestic cybersecurity and bolster national resilience. The alert comes in the wake of ‘evolving intelligence’ that the Russian government is exploring options for potential cyberattacks. As most of the nation’s critical infrastructure is owned and operated by the private sector, it is for these environments ‘to act to protect the critical services on which all Americans rely.’

Senator Rosen was among the bipartisan group of 22 senators, who recently requested a briefing with Alejandro Mayorkas, secretary of the U.S. Department of Homeland Security (DHS), on the department’s efforts to protect the nation’s public and private sector enterprises from the Russian government’s cyber and disinformation threats. The senators request for information on efforts to protect critical infrastructure and businesses from retaliatory Russian cyberattacks came after the U.S. announced trade and energy penalties on Russia and approved US$14 billion in aid for Ukraine.

MITRE had in December released guidance to the healthcare sector in the form of a playbook to increase knowledge of threat modeling throughout the medical device ecosystem. The organization said it seeks to use the playbook to strengthen the cybersecurity and safety of medical devices.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved
MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved
Radiflow helps customers achieve NIS2 compliance, spurring growth in Europe
Radiflow, Exclusive Networks partner to elevate OT cybersecurity
MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration
MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats
CISA, FBI, Europol, and NCSC-NL issue joint cybersecurity advisory on Akira ransomware threats
CISA, FBI, Europol, and NCSC-NL issue joint cybersecurity advisory on Akira ransomware threats
Mandiant exposes APT44, Russia's Sandworm cyber sabotage unit, targeting global critical infrastructure
Mandiant exposes APT44, Russia’s Sandworm cyber sabotage unit, targeting global critical infrastructure
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Armis
Armis acquires Silk Security for $150 million to enhance AI-driven cybersecurity capabilities
Nozomi discovers five vulnerabilities in AMI MegaRAC SP-X BMC, exposing OT, IOT devices to RCE attacks
Nozomi secures US$1.25 million US Air Force contract to boost DoD critical infrastructure security
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape