Warner and Wyden Introduce Bill to Set Strong Cybersecurity Standards for American Health Care System
Sep 26 2024
WASHINGTON – Senator Mark Warner (D-VA) and Senate Finance Committee Chair Ron Wyden (D-OR) today announced legislation to improve cybersecurity in the American health care system amid a wave of increased cyberattacks that are breaching Americans’ privacy and causing major disruptions to care across the country.
“Cyberattacks on our health care institutions threaten patients’ most private data and delay essential medical care, directly endangering Americans’ lives and long-term health,” Sen. Warner said. “With hacks already targeting institutions across the country, it’s time to go beyond voluntary standards and ensure health care providers and vendors get serious about cybersecurity and patient safety. I’m glad to introduce legislation that would mandate sensible cybersecurity protocols while also getting resources to rural and underserved hospitals to ensure they have the funding to meet these new standards.”
“Megacorporations like UnitedHealth are flunking Cybersecurity 101, and American families are suffering as a result,” Sen. Wyden said. “The health care industry has some of the worst cybersecurity practices in the nation despite its critical importance to Americans’ well-being and privacy. These commonsense reforms, which include jail time for CEOs that lie to the government about their cybersecurity, will set a course to beef up cybersecurity among health care companies across the nation and stem the tide of cyberattacks that threaten to cripple the American health care system.”
“Cybersecurity remains an ever-evolving challenge in our health care ecosystem and more must be done to prevent cyber attacks and ensure patient safety,” said Andrea Palm, Deputy Secretary of the Department of Health and Human Services. “Clear accountability measures and mandatory cybersecurity requirements for all organizations that hold sensitive data are essential. We are grateful for Senator Wyden and Senator Warner’s leadership and look forward to continuing to work together on this legislation to strengthen cyber resiliency across our entire health care ecosystem.”
The bill, titled the “Health Infrastructure Security and Accountability Act,” would require the Department of Health and Human Services (HHS) to develop and enforce a set of tough minimum cybersecurity standards for health care providers, health plans, clearinghouses and business associates, including stronger standards for systemically important entities and entities important for national security. The bill would also remove the existing cap on fines under the Health Insurance Portability and Accountability Act, which prevents the regulator from issuing fines large enough to deter megacorporations from ignoring cybersecurity standards, and provide funding for hospitals to improve their cybersecurity, particularly low-resource hospitals in rural and urban areas.
A one-page summary of the bill can be found here. The legislative text can be found here.
###