Reps. Jason Crow, D-Colo., and Brian Fitzpatrick, R-Pa., on September 13 introduced bipartisan legislation to protect Americans’ healthcare data from cyberattacks.
Cyberattacks against healthcare entities are increasing in frequency and severity, particularly because they hold large amounts of sensitive patient information and are perceived as vulnerable by malicious actors.
The Healthcare Cybersecurity Act would require the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to collaborate to improve cybersecurity in the healthcare and public health sector, as defined by CISA.
The legislation also would authorize training to healthcare and public health sector asset owners and operators on cybersecurity risks and ways to mitigate them.
This legislation would require CISA to conduct a detailed study on specific cybersecurity risks facing the healthcare and public health sector. That study would include an analysis of how cybersecurity risks specifically impact healthcare assets, an evaluation of the challenges healthcare entities face in securing updated information systems, and an assessment of relevant cybersecurity workforce shortages.
“Cyberattacks on our hospitals and health centers are becoming increasingly common and they are driving up our healthcare costs,” said Rep. Crow in a press release. “I’m proud to introduce the bipartisan Healthcare Cybersecurity Act with Rep. Fitzpatrick to protect the American people and their data from these malicious attacks.”
Introduction of the legislation comes as nearly 50 million people in the United States had their sensitive health data breached in 2021 – a three-fold increase in just the last three years. Those breaches have resulted in a 16 percent increase in the average cost of recovering a patient record in 2020 compared to 2019.
“46 million Americans had their health data breached in 2021 as a result of a cyberattack,” said Rep. Fitzpatrick. “The increasing number of attacks on our hospitals and health centers must be addressed. The Healthcare Cybersecurity Act of 2022 will create new resources for cybersecurity risk training and promote strong cybersecurity measures across our Nation’s healthcare systems.”
Companion legislation has also been introduced in the Senate by Sen. Jacky Rosen, D-Nev., and Bill Cassidy, R-La.