Senate bill unveils comprehensive rural hospital cybersecurity workforce development strategy

Senate bill unveils comprehensive rural hospital cybersecurity workforce development strategy

U.S. Senate Homeland Security and Governmental Affairs Committee (HSGAC) members introduced new legislation that addresses the critical need for skilled cybersecurity professionals and digital security enhancement protocols in rural healthcare settings. The rural hospital cybersecurity legislation follows a recent HSGAC hearing that identified rural healthcare facilities as soft targets for cybercriminals. Unlike larger urban hospitals, rural hospitals often have little to no full-time cybersecurity personnel and are particularly exposed to cyberattacks.

Titled ‘Rural Hospital Cybersecurity Enhancement Act,’ the legislation would require the Cybersecurity and Infrastructure Security Agency (CISA) director to develop a comprehensive rural hospital cybersecurity workforce development strategy that, at a minimum, considers public-private partnerships, development of curricula and training resources, and policy recommendations.

The legislation also requires the CISA director to create instructional materials for rural hospitals to train staff on fundamental cybersecurity measures. Additionally, the legal measure requires the Secretary of Homeland Security to report annually to HSGAC and the House Committee on Homeland Security with updates regarding the strategy and any programs that have been implemented according to the strategy.

In March, the HSGAC convened a hearing to examine cybersecurity threats facing the healthcare sector and how the federal government and healthcare providers are working to prevent breaches. The examination highlighted the severity of the threat and discussed how cyber-attacks against the healthcare sector can affect patient care and compromise sensitive medical information.

Introduced by Gary Peters, a Democrat from Michigan and HSGAC chairman, and Josh Hawley, a Republican from Missouri and a member of the HSGAC, the bill identifies that the rural hospital cybersecurity workforce development strategy shall, at a minimum, consider partnerships between rural hospitals, educational institutions, private sector entities, and nonprofit organizations to develop, promote, and expand cybersecurity education and training programs tailored to the needs of rural hospitals.

It also seeks the development of a cybersecurity curriculum and teaching resources that focus on teaching technical skills and abilities related to cybersecurity in rural hospitals for use in community colleges, vocational schools, and other educational institutions located in rural areas. It also looks into recommendations for legislation, rulemaking, or guidance to implement the components of the rural hospital cybersecurity workforce development strategy.

The legislation also calls for ‘not later than 60 days after the date on which the first full fiscal year ends following the date on which the Secretary transmits the rural hospital cybersecurity workforce development strategy developed, and not later than 60 days after the date on which each fiscal year thereafter ends, the Secretary shall submit to the appropriate committees of Congress a report.’

The report must include, at a minimum, information relating to updates to the rural hospital cybersecurity workforce development strategy, as appropriate. It must also include any programs or initiatives established under the rural hospital cybersecurity workforce development strategy and the number of individuals trained or educated through such programs or initiatives.

Furthermore, the report must provide additional recommendations for legislation, rulemaking, or guidance to implement the components of the rural hospital cybersecurity workforce development strategy. It must also cover the effectiveness of the rural hospital cybersecurity workforce development strategy in addressing the need for skilled cybersecurity professionals in rural hospitals.

“Congress must take action to shore up the ability of small-town hospitals to defend themselves from cyberattacks,” Senator Hawley said in a media statement. “By working to improve cybersecurity preparedness and develop a robust cybersecurity workforce in rural hospitals, we can help protect the sensitive medical and personal data of American patients and defend our national security.”

“Ransomware attacks against hospitals and health care systems that compromise sensitive medical information and disrupt patient care must be stopped. Unfortunately, small and rural hospitals often lack the resources to invest in cybersecurity defenses and staff to prevent these breaches,” according to Senator Peters. “This bipartisan legislation will require the federal government to ensure our most vulnerable health care providers have the necessary tools to protect patient information and provide lifesaving care even as criminal hackers continue to target their networks.”

Last month, the Health Sector Cybersecurity Coordination Center (HC3) of the U.S. Department of Health & Human Services (HHS) observed a continuation of many ongoing trends concerning cyber threats to the healthcare and public health (HPH) community. Ransomware attacks, data breaches, and often both continued to be prevalent in attacks against the health sector. 

Furthermore, ransomware operators continued to evolve their techniques and weapons for increasing extortion pressure and maximizing their payday. It also identified that vulnerabilities in software and hardware platforms, some ubiquitous and some specific to healthcare, continued to keep the attack surface of healthcare organizations open.

Members of the HSGAC reintroduced this month bipartisan legislation that would require the CISA to help protect commercial satellite owners and operators from disruptive cyber-attacks. The Satellite Cybersecurity Act will require CISA to consolidate voluntary satellite cybersecurity recommendations – including guidance specifically for small businesses – to help companies understand how to best secure their systems. Additionally, the bill requires CISA to develop a publicly available, online resource to ensure companies can access satellite-specific cybersecurity resources and recommendations to secure their networks.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related