
Healthcare Cybersecurity Bill Gives Congress a Chance to Tackle Hackers

Analysis | By Eric Wicklund | March 29, 2022

Against the backdrop of the war in Ukraine, two senators have unveiled the Healthcare Cybersecurity Act of 2022, which would bring federal resources to bear on the top technological threat to healthcare organizations.

Congress is taking on healthcare privacy and security.

Senators Jacky Rosen (D-NV) and Bill Cassidy (R-LA) have introduced the Healthcare Cybersecurity Act of 2022, which aims to bring the federal government in to help healthcare organizations protect their resources against hackers.

“In light of the threat of Russian cyberattacks, we must take proactive steps to enhance the cybersecurity of our healthcare and public health entities,” Rosen said in a press release. “Hospitals and health centers are part of our critical infrastructure and increasingly the targets of malicious cyberattacks, which can result in data breaches, the cost of care being driven up, and negative patient health outcomes. This bipartisan bill will help strengthen cybersecurity protections and protect lives.”

The bill has three components. If passed into law, it would:

  • Require the Cybersecurity and Infrastructure Security Agency (CISA) and Department of Health and Human Services (HHS) to collaborate on improving cybersecurity in the healthcare and public health sectors, as defined by the CISA;
  • Authorize cybersecurity training for healthcare organizations on cybersecurity risks and ways to mitigate them; and 
  • Require the CISA to conduct a detailed study on specific cybersecurity risks facing the healthcare industry, including an analysis of how cybersecurity risks specifically impact healthcare assets, an evaluation of the challenges that these organizations face in securing updated information systems, and an assessment of relevant cybersecurity workforce shortages.

The bill comes shortly after the White House warned American companies to be aware of increased threats posed by Russian hackers because of the war in Ukraine. The American Hospital Association also called on its members to be more alert.

In January, the ECRI Institute listed the threat of cybersecurity attacks as this year’s top technological threat to healthcare organizations.

“The question is not whether a given facility will be attacked, but when,” Marcus Schabacker, MD, PhD, ECRI’s president and chief executive officer, said in a press release accompanying the Top 10 Health Technology Hazards for 2022. “Responding to these risks requires not only a robust security program to prevent attacks from reaching critical devices and systems, but also a plan for maintaining patient care when they do.”

Nearly 50 million people saw their personal health data accessed illegally in 2021, a threefold increase over the past three years, according to Politico. And hacking accounted for three-quarters of those data breaches, more than double the 35% figure reported in 2016.

“Unfortunately, the industry is pretty much easy pickings, and they’re hitting it because they’re getting paid,” Mac McMillan, CEO of cybersecurity company CynergisTek, told Politico. “It’s [not] gonna slow down until we either get more serious about stopping it, or blocking it, or being more effective at it. From the cybercriminals’ perspective, they’re being successful, they’re getting paid, why would they stop?”

Eric Wicklund is the associate content manager and senior editor for Innovation at HealthLeaders.

