WASHINGTON – Today, U.S. Sens. Mark R. Warner (D-VA), Bill Cassidy, M.D. (R-LA), ranking member of the Senate Health, Education, Labor, and Pensions (HELP) Committee, John Cornyn (R-TX), and Maggie Hassan (D-NH) introduced legislation to strengthen cybersecurity in the health care sector and protect Americans’ health data. This legislation is a product of the senators’ health care cybersecurity working group launched last year.

“Cyberattacks on our health care systems and organizations not only threaten personal and sensitive information, but can have life-and-death consequences with even the briefest period of interruption. I’m proud to introduce this bipartisan legislation that strengthens our cybersecurity and better protects patients,” said Sen. Warner.

“Cyberattacks on our health care sector not only put patients’ sensitive health data at risk but can delay life-saving care,” said Dr. Cassidy. “This bipartisan legislation ensures health institutions can safeguard Americans’ health data against increasing cyber threats.”

“In an increasingly digital world, it is essential that Americans’ health care data is protected,” said Sen. Cornyn. “This commonsense legislation would modernize our health care institutions’ cybersecurity practices, increase agency coordination, and provide tools for rural providers to prevent and respond to cyberattacks.”

“Cyberattacks in the health care sector can have a wide range of devastating consequences, from exposing private medical information to disrupting care in ERs – and it can be particularly difficult for medical providers in rural communities with fewer resources to prevent and respond to these attacks,” said Sen. Hassan. “Our bipartisan working group came together to develop this legislation based on the most pressing needs for medical providers and patients, and I urge my colleagues to support it.”

The Health Care Cybersecurity and Resiliency Act of 2024:

• Strengthens cybersecurity in the health care sector by providing grants to health entities to improve cyberattack prevention and response. 
• Provides training to health entities on cybersecurity best practices. 
• Supports rural communities by providing best practices to rural health clinics and other providers on cybersecurity breach prevention, resilience, and coordination with federal agencies.
• Improves coordination between the Department of Health and Human Services (HHS) and Cybersecurity and Infrastructure Security Agency (CISA) to better respond to cyberattacks in the health care sector.
• Modernizes current regulations so entities covered under the Health Insurance Portability and Accountability Act (HIPAA) use the best cybersecurity practices.
• Requires the HHS Secretary to develop and implement a cybersecurity incident response plan.

Click here for full bill text.

###