U.S. Senators Bill Cassidy (R-LA), chair of the Senate Health, Education, Labor, and Pensions (HELP) Committee, Maggie Hassan (D-NH), John Cornyn (R-TX), and Mark Warner (D-VA) have reintroduced the Health Care Cybersecurity and Resilience Act. The legislation aims to address growing cybersecurity threats in the health care sector by improving protections for Americans’ health data.
The bill is a result of a bipartisan working group on health care cybersecurity formed in 2023. It seeks to support health institutions in preventing and responding to cyberattacks, with a focus on assisting rural medical providers who may lack resources.
“Cyberattacks on our health care sector not only put patients’ sensitive health data at risk but can delay life-saving care,” said Dr. Cassidy. “This bipartisan legislation ensures health institutions can safeguard Americans’ health data against increasing cyber threats.”
Senator Hassan emphasized the impact of such attacks on both privacy and patient care: “Cyberattacks in the health care sector can have a wide range of devastating consequences, from exposing private medical information to disrupting care in ERs – and it can be particularly difficult for medical providers in rural communities with fewer resources to prevent and respond to these attacks,” she said. “Our bipartisan working group came together to develop this legislation based on the most pressing needs for medical providers and patients, and I urge my colleagues to support it.”
Senator Cornyn added: “Patients deserve absolute confidence that their sensitive medical data stored online is protected and shielded from cybersecurity breaches or ransomware attacks. This legislation would strengthen interagency coordination and improve security practices for rural providers, ensuring Texans’ health care is not delayed or compromised by cyberattacks.”
Senator Warner stated: “Cyberattacks on our health care organizations threaten the sensitive information of millions of Americans and can have life-or-death consequences on the care patients receive. I’m glad to join my colleagues in introducing this bill to strengthen our cybersecurity, protect patients, and provide additional tools for rural health care providers in Virginia.”
The proposed act would provide grants for improved prevention and response capabilities, deliver training on best practices, offer tailored guidance for rural clinics, enhance coordination between federal agencies such as HHS and CISA, update regulations under HIPAA related to cybersecurity standards, and require HHS to create an incident response plan.
According to recent data, there were over 730 reported cyber breaches last year impacting more than 270 million Americans. Notably, an attack on Change Healthcare exposed personal information of over 190 million individuals and caused delays in medical services across the country.
The average cost per breach is estimated at $10 million. In addition to disrupting patient care nationwide, Louisiana has experienced cyber incidents affecting schools, law enforcement agencies, and infrastructure.
As HELP Committee chair, Senator Cassidy has focused oversight efforts on patient protection regarding cybersecurity issues through hearings involving both parties.
