Amid a surge in cyberattacks on the healthcare sector, Senators Angus King and Marco Rubio have introduced the “Strengthening Cybersecurity in Health Care Act,” a bipartisan Senate bill aimed at fortifying the cybersecurity defenses of the U.S. Department of Health and Human Services (HHS). The legislation proposes biennial cybersecurity reviews and tests on HHS IT systems, emphasizing adaptability to evolving cyber threats. With healthcare organizations reporting a record 734 breaches in 2023, affecting 135.3 million individuals, the bill focuses on consistent evaluations and transparent reporting to Congress, underlining the need for proactive measures to safeguard sensitive healthcare information.
The proposed legislation directs the HHS Office of Inspector General to conduct biennial evaluations, employing penetration and other tests to assess potential vulnerabilities in systems handling mission-critical or sensitive data. The bill also requires HHS to submit biennial reports to Congress detailing updates to its cybersecurity strategy. These requirements align with the current Federal Information Security Modernization Act (FISMA) but add explicit penetration testing requirements. Senators King and Rubio stress the importance of these evaluations in the face of growing cyber threats, with the bill serving as a critical step towards enhancing cybersecurity practices and maintaining public trust in healthcare data security.