House bill now directs CISA, HHS to improve cybersecurity across healthcare, public health entities

Legislation has been introduced in the U.S. House of Representatives to improve cybersecurity across the healthcare and public health sectors. It directs the Cybersecurity and Infrastructure Security Agency (CISA) to collaborate with the Department of Health and Human Services (HHS) to safeguard the healthcare data of Americans from cyberattacks.

Rep. Jason Crow, a Democrat from Colorado, and Rep. Brian Fitzpatrick, a Republican from Pennsylvania, introduced the bill titled ‘Healthcare Cybersecurity Act,’ which seeks to protect Americans’ healthcare data from cyberattacks. The bipartisan bill comes as nearly 50 million people in the U.S. had their sensitive health data breached in 2021, a threefold increase over the last three years. Furthermore, cyberattacks on healthcare facilities rose 55 percent in 2020, resulting in a 16 percent increase in the average patient cost.

“Cyberattacks on our hospitals and health centers are becoming increasingly common, and they are driving up our healthcare costs,” Rep. Crow said in a media statement. “I’m proud to introduce the bipartisan Healthcare Cybersecurity Act with Rep. Fitzpatrick to protect the American people and their data from these malicious attacks.”

“46 million Americans had their health data breached in 2021 as a result of a cyberattack,” according to Rep. Fitzpatrick. “The increasing number of attacks on our hospitals and health centers must be addressed. That is why I am proud to join my colleague Rep. Crow to introduce The Healthcare Cybersecurity Act of 2022, which will create new resources for cybersecurity risk training and promote strong cybersecurity measures across our Nation’s healthcare systems.”

Cyberattacks against healthcare and public health entities are increasing in frequency and severity, mainly because they hold large amounts of sensitive patient information and are largely perceived as vulnerable by malicious actors. Therefore, collaboration and information sharing between the public and private sectors is essential to increasing cyber resilience for health-focused entities.

Under its provisions, the Healthcare Cybersecurity Act requires CISA and HHS to collaborate, including by entering into an agreement, to improve cybersecurity in the healthcare and public health sector, as defined by CISA. It also authorizes cybersecurity training for healthcare and public health sector asset owners and operators on cybersecurity risks and ways to mitigate them.

The legislation requires CISA to conduct a detailed study on specific cybersecurity risks facing the healthcare and public health sector. It also calls for an analysis of how cybersecurity risks specifically impact healthcare assets, an evaluation of the challenges healthcare assets face in securing updated information systems, and an assessment of relevant cybersecurity workforce shortages.

Similar legislation was introduced in March in the U.S. Senate by Senators Jacky Rosen, a Democrat from Nevada, and Bill Cassidy, a Republican from Louisiana. That legislation also sought to direct CISA and HHS to collaborate on improving cybersecurity measures across hospitals and healthcare networks operating in the healthcare and public health sector.

Rosen commented on the House bill, “as hospitals and other healthcare organizations across the United States face an onslaught of cyberattacks, we must take proactive steps to enhance information sharing and improve cybersecurity in the healthcare and public health sector.” 

“That’s why I introduced the bipartisan Healthcare Cybersecurity Act in the Senate to strengthen cybersecurity protections and protect patient information, and I am glad to see it introduced on a bipartisan basis in the House of Representatives,” Rosen added.

Organizations in the healthcare and public health sectors are facing an increasing number of ransomware attacks, often leaving hospital networks vulnerable. Lurking in OT/IoT environments, these adversaries have become considerably more capable of executing significant attacks at scale while also taking advantage of the growing success of the ransomware-as-a-service (RaaS) model.

Meanwhile, hackers are shifting their focus to smaller entities that truly have a deficit in cyber defenses, showing a huge change in victims and approach. Changes in government regulations, a massive revolution in connectivity of medical devices and mobile technology, and transformation in how care is delivered and consumed have come together to form a perfect storm of complexity and vulnerability, which cyber adversaries target.
