Attacks and Vulnerabilities
Medical
News
Regulation, Standards and Compliance
Threat Landscape
Vulnerabilities

US Senate introduces legislation to enhance healthcare cybersecurity within the HHS amidst recent breaches

February 16, 2024
US Senate introduces legislation to enhance healthcare cybersecurity within the HHS amidst recent breaches

New legislation to improve healthcare cybersecurity has been introduced in the U.S. Senate to help protect U.S. healthcare systems from hackers and other bad actors and comes as several healthcare systems have been breached in the last few months nationwide. The move would require the Department of Health and Human Services (HHS) to perform consistent evaluations of its cybersecurity systems and provide biannual reports on its current practices and progress on future safety procedures they are working to implement.

Introduced by Senator Angus King, an Independent from Maine, who is also a co-chair of the Cybersecurity Solarium Commission and serves on both the Senate Armed Services (SASC) and Intelligence Committees (SSCI), alongside Marco Rubio, a Republican from Florida, the ‘Strengthening Cybersecurity in Health Care Act’ mandates that, starting no later than two years after its enactment and biennially thereafter, the Inspector General of the HHS is required to assess the Department’s cybersecurity measures. The evaluation will involve penetration tests and other methodologies to scrutinize the security of systems that process, transmit, or store critical or sensitive data. 

The goal of the proposed legislation is to identify vulnerabilities that could potentially compromise patient data or endanger patient safety.

The Act also laid down that not later than two years after the date of enactment of this Act, and every two years thereafter, the Secretary of Health and Human Services shall submit to Congress a report that describes how the Secretary will update the cybersecurity practices and protocols of the HHS to adapt to the latest cyberattack strategies. 

The Senate bill also proposed that the Inspector General of the HHS shall submit to Congress a report that describes how the Inspector General is currently using federal funds, and additional funding or legislative changes required for the Inspector General to maintain the evaluation of the cybersecurity practices and protocols of the Department. 

“In recent years, several of Maine’s major healthcare providers have been the victims of cyberattacks,” Senator King said in a recent media statement. “This threat to America’s critical infrastructure is real, and could literally mean the difference between life and death — we must take proactive steps to enhance the cybersecurity of our healthcare and public health sectors.” 

King added “The bipartisan Strengthening Cybersecurity in Health Care Act would help ensure that health institutions have the resources to keep patient data safe. As the number of threats continues to grow, consistent evaluations will prove to be a lifeline to the medical community treating our family and friends.”

“Since the pandemic, we have seen a rise in the number of cyberattacks against our healthcare systems. I am proud to introduce the bipartisan Strengthening Cybersecurity in Health Care Act,” according to Senator Rubio. “This legislation aims to reassure the American people by better safeguarding their sensitive information, ensuring peace of mind during these ever-changing times.”

Senators Thom Tillis, a Republican from North Carolina, and Maggie Hassan, a Democrat from New Hampshire are original cosponsors of this legislation. 

“Too many North Carolinians have experienced data breaches by malicious hackers, which is especially concerning when it comes to sensitive health information,” Senator Tillis said in a statement. “Americans shouldn’t have to worry about harmful cybersecurity attacks and this legislation ensures any personal health data stored by the Department of Health and Human Services is properly secured and protected from cybersecurity attacks.”

Recent reporting has indicated an exponential increase in cybersecurity attacks against healthcare systems across the country, including the HHS. In 2023, approximately 133 million people had their health data, such as Medicare beneficiary data, social security numbers, and medical records breached. As the agency tasked with keeping Americans’ personal health information safe, HHS must be equipped to combat the latest hacking strategies.

Last month, lawmakers from the U.S. Senate and House of Representatives introduced legislation aimed at addressing cybersecurity threats in the agriculture sector and enhancing protections for the food supply chain. The bill also directs the Secretary of Agriculture to conduct a study every two years on cybersecurity threats and vulnerabilities within the agriculture and food sectors and submit a report to Congress.

The proposed bipartisan, bicameral Farm and Food Cybersecurity bill focuses on strengthening cybersecurity measures within the food and agriculture critical infrastructure sector by identifying vulnerabilities and improving the protective measures of both government and private entities against potential cyber threats to America’s food supply chain.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings