The Health Care Cybersecurity and Resilience Act, which would offer grants to help healthcare organizations improve their prevention and response capabilities, moved out of the HELP Committee for consideration in the full Senate
The Health Care Cybersecurity and Resilience Act this past week moved out of the Senate Health, Education, Labor, and Pensions Committee, and will now be considered in the full chamber.
WHY IT MATTERS
The bipartisan legislation – which was first introduced by Sen. Mark Warner, D-Virginia, and HELP Committee Chair Sen. Dr. Bill Cassidy, R-Louisiana, and colleagues back in November 2024 – is designed to help shore up cybersecurity defenses and improve risk mitigation at healthcare organizations nationwide.
To help health systems better safeguard protected health information and other sensitive patient data in the face of increasingly sophisticated cyber threats, the Health Care Cybersecurity and Resiliency Act would provide grants to help these organizations improve their prevention and response capabilities.
The bill also contains provisions for training healthcare orgs on cybersecurity best practices, and includes specific support tools designed for rural communities – helping them with best practices for breach prevention, resilience and coordination with federal agencies.
It also calls for better coordination between the Department of Health and Human Services and Homeland Security’s Cybersecurity and Infrastructure Security Agency, and would modernize certain regulations to help HIPAA covered entities refine their cybersecurity practices.
The act would also require the HHS Secretary to develop and implement a cybersecurity incident response plan.
THE LARGER TREND
Healthcare cyberattacks have increased in sophistication and intensity in recent years, and now routinely impact and delay care delivery in ways large and small, beyond just exposing sensitive patient data. In many ways, cybersecurity has become a patient safety imperative.
Sen. Warner has long been a leader on the issue, introducing other pieces of healthcare security legislation, for instance, and calling for the creation of a healthcare cybersecurity czar.
More recently, among other efforts, he has called for the development of mandatory minimum cyber standards for the healthcare sector from HHS.
ON THE RECORD
“Cyberattacks on our health care system don’t just compromise data – they can disrupt care, delay treatments, and put lives at risk,” said Warner in a statement. “I’m encouraged to see this bipartisan legislation advance through committee. It takes important steps to strengthen our cyber defenses, improve coordination across federal agencies, and ensure that providers – especially those in rural and underserved communities – have the tools they need to protect patients and continue delivering care.”
Mike Miliard is executive editor of Healthcare IT News
Email the writer: [email protected]
Healthcare IT News is a HIMSS publication.
