August 24, 2022 By Jennifer Gregory 2 min read

U.S. Senators Jacky Rosen (D-NV) and Bill Cassidy, MD (R-LA) recently proposed the Healthcare Cybersecurity Act of 2022 to Congress. This new bill aims to reduce cybersecurity attacks and data breaches in the healthcare and public health industries. The plan: an improved partnership between the U.S. Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency (CISA), which is an agency of the Department of Homeland Security. The bill is currently going through the introductory process in the Senate.

Cybersecurity issues facing the healthcare industry

The IBM Security X-Force Threat Intelligence Index 2022 ranked healthcare as the sixth most attacked industry. It made up 5.1% of all attacks X-Force observed in 2021. They found that most attacks against healthcare groups (57%) were vulnerability exploitations. Attackers also used ransomware (38% of attacks) more often in healthcare-related attacks than in attacks against other industries. Phishing came in third place, comprising 29% of attacks.

“In light of the threat of Russian cyberattacks, we must take proactive steps to enhance the cybersecurity of our healthcare and public health entities,” said Senator Rosen in a press release. “Hospitals and health centers are part of our critical infrastructure and increasingly the targets of malicious cyberattacks, which can result in data breaches, the cost of care being driven up, and negative patient health outcomes. This bipartisan bill will help strengthen cybersecurity protections and protect lives.”

Bill outlines partnership between CISA and HSS

The new bill defines the roles of each agency in the partnership. It also outlines specific actions that the CISA will take. It requires training for healthcare workers and outlines specific areas that CISA will analyze during a detailed study. Details include:

  • Mandating the Cybersecurity and Infrastructure Security Agency (CISA) and Department of Health and Human Services (HHS) to work together on improving cybersecurity in the healthcare and public health sectors, as defined by CISA
  • Authorizing cybersecurity training for healthcare groups on digital risks and ways to mitigate them
  • Requiring CISA to conduct a detailed study on specific risks facing the healthcare industry, including how those risks impact healthcare assets, the challenges these organizations face in securing updated information systems today and an assessment of relevant workforce shortages.

Improving care and privacy

An important element here is outlining the steps and the specific areas to look at. That way, the bill takes practical strides to solve the problem. While the Healthcare Cybersecurity Act of 2022 focuses on the actions of CISA and HHS, the goal is to improve care and privacy for patients.

“Health centers save lives and hold a lot of sensitive, personal information. This makes them a prime target for cyberattacks,” said Dr. Cassidy in a press release. “This bill protects patients’ data and public health by strengthening our resilience to cyber warfare.”

More from News

Poland spending $760 million on cybersecurity after attack

3 min read - Visitors to the Polish Press Agency (PAP) website on May 31 at 2 p.m. Polish time were met with an unusual message. Instead of the typical daily news, the state-run newspaper had supposedly published a story announcing that a partial mobilization, which means calling up specific people to serve in the armed forces, was ordered by Polish Prime Minister Donald Tusk beginning on July 1, 2024. Deputy Prime Minister Krzysztof Gawkowski refuted the claim on X (formerly Twitter). His post…

New ransomware over browser threat targets uploaded files

3 min read - We all have a mental checklist of things not to do while online: click on unknown links, use public networks and randomly download files sent over email. In the past, most ransomware was deployed on your network or computer when you downloaded a file that contained malware. But now it’s time to add a new item to our high-risk activity checklist: use caution when uploading files. What is ransomware over browsers? Researchers at Florida International University worked with Google to…

Exploring the 2024 Worldwide Managed Detection and Response Vendor Assessment

3 min read - Research firm IDC recently released its 2024 Worldwide Managed Detection and Response Vendor Assessment, which both highlights leaders in the market and examines the evolution of MDR as a critical component of IT security infrastructure. Here are the key takeaways. The current state of MDR According to the assessment, “the MDR market has evolved extensively over the past couple of years. This should be seen as a positive movement as MDR providers have had to evolve to meet the growing…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today