August 24, 2022 By Jennifer Gregory

U.S. Senators Jacky Rosen (D-NV) and Bill Cassidy, MD (R-LA) recently proposed the Healthcare Cybersecurity Act of 2022 to Congress. This new bill aims to reduce cybersecurity attacks and data breaches in the healthcare and public health industries. The plan: an improved partnership between the U.S. Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency (CISA), which is an agency of the Department of Homeland Security. The bill is currently going through the introductory process in the Senate.

Cybersecurity issues facing the healthcare industry

The IBM Security X-Force Threat Intelligence Index 2022 ranked healthcare as the sixth most attacked industry, accounting for 5.1% of all attacks X-Force observed in 2021. X-Force found that most attacks against healthcare groups (57%) were vulnerability exploitations. Attackers also used ransomware (38% of attacks) more often in healthcare-related attacks than in attacks against other industries. Phishing came in third place, comprising 29% of attacks.

“In light of the threat of Russian cyberattacks, we must take proactive steps to enhance the cybersecurity of our healthcare and public health entities,” said Senator Rosen in a press release. “Hospitals and health centers are part of our critical infrastructure and increasingly the targets of malicious cyberattacks, which can result in data breaches, the cost of care being driven up, and negative patient health outcomes. This bipartisan bill will help strengthen cybersecurity protections and protect lives.”

Bill outlines partnership between CISA and HHS

The new bill defines the roles of each agency in the partnership. It also outlines specific actions that CISA will take. It requires training for healthcare workers and outlines specific areas that CISA will analyze during a detailed study. Details include:

  • Mandating the Cybersecurity and Infrastructure Security Agency (CISA) and Department of Health and Human Services (HHS) to work together on improving cybersecurity in the healthcare and public health sectors, as defined by CISA
  • Authorizing cybersecurity training for healthcare groups on digital risks and ways to mitigate them
  • Requiring CISA to conduct a detailed study on specific risks facing the healthcare industry, including how those risks impact healthcare assets, the challenges these organizations face in securing updated information systems today and an assessment of relevant workforce shortages.

Improving care and privacy

An important element of the bill is that it outlines the steps to take and the specific areas to examine. That way, the bill takes practical strides to solve the problem. While the Healthcare Cybersecurity Act of 2022 focuses on the actions of CISA and HHS, the goal is to improve care and privacy for patients.

“Health centers save lives and hold a lot of sensitive, personal information. This makes them a prime target for cyberattacks,” said Dr. Cassidy in a press release. “This bill protects patients’ data and public health by strengthening our resilience to cyber warfare.”
