Lawmakers propose healthcare cybersecurity bill to tackle growing threats

Bipartisan legislation would direct the Cybersecurity and Infrastructure Security Agency and the Department of Health and Human Services to work together

Cyberattacks against the American health care system rose 128% in 2023.
Image: Tom Werner (Getty Images)

A group of bipartisan U.S. senators introduced a bill this month that could bolster cybersecurity in healthcare, amid a rise in cyber threats in the industry.

The Healthcare Cybersecurity Act would require the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to work together to improve cybersecurity in the healthcare industry and offer resources about cyber threats and how to defend against them. CISA is part of the Department of Homeland Security.

The act would also create a special liaison to HHS within CISA who would be responsible for coordinating response efforts during a cyberattack.

The bill was co-sponsored by Sens. Jacky Rosen (D-Nev.), Todd Young (R-Ind.) and Angus King (I-Maine).

“The health care industry is still reeling from recent cyberattacks, and rural and small health care entities in Nevada have been particularly affected,” said Sen. Rosen in a statement. “It’s imperative that we take measures to improve cybersecurity in the health care sector to prevent data breaches and protect Nevadans, which is why I’m introducing this bipartisan legislation. I’ll keep working to strengthen the cybersecurity of this critical sector and keep people safe from malicious actors.”

The proposed legislation comes after a dramatic increase in known cyberattacks against the American health care system, which rose 128% in 2023 from the prior year, according to the Office of the Director of National Intelligence.

The most prominent attack during this period came in February, when the ransomware group ALPHV breached Change Healthcare, a record and payment manager, resulting in delayed prescriptions and paychecks for healthcare workers. Change, a subsidiary of UnitedHealth Group, processes 14 billion transactions a year, about 6% of all payments in the U.S. health care system. UnitedHealth Group confirmed it paid a ransom in relation to the attack.

Rural facilities are particularly vulnerable to disruptions from cyberattacks. In June, the White House announced that Microsoft and Google have agreed to help vulnerable rural hospitals protect themselves with free or discounted cybersecurity services.

And although it wasn’t a cyberattack, a flawed software update from the U.S. cybersecurity firm CrowdStrike also resulted in major tech disruptions at several hospitals across the country on Friday.