U.S. Senators Jacky Rosen (D-NV) and Bill Cassidy, MD (R-LA) recently proposed the Healthcare Cybersecurity Act of 2022 to Congress. This new bill aims to reduce cybersecurity attacks and data breaches in the healthcare and public health industries. The plan: an improved partnership between the U.S. Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency (CISA), which is an agency of the Department of Homeland Security. The bill is currently going through the introductory process in the Senate.

Cybersecurity Issues Facing the Healthcare Industry

The IBM Security X-Force Threat Intelligence Index 2022 ranked healthcare as the sixth most attacked industry. It made up 5.1% of all attacks X-Force observed in 2021. They found that most attacks against healthcare groups (57%) were vulnerability exploitations. Attackers also used ransomware (38% of attacks) more often in healthcare-related attacks than in attacks against other industries. Phishing came in third place, comprising 29% of attacks.

“In light of the threat of Russian cyberattacks, we must take proactive steps to enhance the cybersecurity of our healthcare and public health entities,” said Senator Rosen in a press release. “Hospitals and health centers are part of our critical infrastructure and increasingly the targets of malicious cyberattacks, which can result in data breaches, the cost of care being driven up, and negative patient health outcomes. This bipartisan bill will help strengthen cybersecurity protections and protect lives.”

Bill Outlines Partnership Between CISA and HSS

 The new bill defines the roles of each agency in the partnership. It also outlines specific actions that the CISA will take. It requires training for healthcare workers and outlines specific areas that CISA will analyze during a detailed study. Details include:

  • Mandating the Cybersecurity and Infrastructure Security Agency (CISA) and Department of Health and Human Services (HHS) to work together on improving cybersecurity in the healthcare and public health sectors, as defined by CISA
  • Authorizing cybersecurity training for healthcare groups on digital risks and ways to mitigate them
  • Requiring CISA to conduct a detailed study on specific risks facing the healthcare industry, including how those risks impact healthcare assets, the challenges these organizations face in securing updated information systems today and an assessment of relevant workforce shortages.

Improving Care and Privacy

An important element here is outlining the steps and the specific areas to look at. That way, the bill takes practical strides to solve the problem. While the Healthcare Cybersecurity Act of 2022 focuses on the actions of CISA and HHS, the goal is to improve care and privacy for patients.

“Health centers save lives and hold a lot of sensitive, personal information. This makes them a prime target for cyberattacks,” said Dr. Cassidy in a press release. “This bill protects patients’ data and public health by strengthening our resilience to cyber warfare.”

More from News

The White House on Quantum Encryption and IoT Labels

A recent White House Fact Sheet outlined the current and future U.S. cybersecurity priorities. While most of the topics covered were in line with expectations, others drew more attention. The emphasis on critical infrastructure protection is clearly a top national priority. However, the plan is to create a labeling system for IoT devices, identifying the ones with the highest cybersecurity standards. Few expected that news. The topic of quantum-resistant encryption reveals that such concerns may become a reality sooner than…

Malware-as-a-Service Flaunts Its Tally of Users and Victims

As time passes, the security landscape keeps getting stranger and scarier. How long did the “not if, but when” mentality towards cyberattacks last — a few years, maybe? Now, security pros think in terms of how often will their organization be attacked and at what cost. Or they consider how the difference between legitimate Software-as-a-Service (SaaS) brands and Malware-as-a-Service (MaaS) gangs keeps getting blurrier. MaaS operators provide web-based services, slick UX, tiered subscriptions, newsletters and Telegram channels that keep users…

New Survey Shows Burnout May Lead to Attrition

For many organizations and the cybersecurity industry as a whole, improving retention and reducing the skills gap is a top priority. Mimecast’s The State of Ransomware Readiness 2022: Reducing the Personal and Business Cost points to another growing concern — burnout that leads to attrition. Without skilled employees, organizations cannot protect their data and infrastructure from increasing cybersecurity attacks. According to Mimecast’s report, 77% of cybersecurity leaders say the number of cyberattacks against their company has increased or stayed the…

Alleged FBI Database Breach Exposes Agents and InfraGard

Recently the feds suffered a big hack, not once, but twice. First, the FBI-run InfraGard program suffered a breach. InfraGard aims to strengthen partnerships with the private sector to share information about cyber and physical threats. That organization experienced a major breach in early December, according to a KrebsOnSecurity report. Allegedly, the InfraGard database — containing contact information of over 80,000 members — appeared up for sale on a cyber crime forum. Also, the hackers have reportedly been communicating with…