The Healthcare Cybersecurity Act of 2024 aims to strengthen cybersecurity within the healthcare and public health sectors. The Act establishes the Cybersecurity and Infrastructure Security Agency (CISA) as a key player in coordinating efforts with the Department of Health and Human Services (HHS) to safeguard healthcare assets. It outlines the appointment of a liaison to oversee and improve cybersecurity measures, provide technical assistance, and facilitate information sharing.
The Act identifies the increasing cyber threats targeting healthcare facilities, leading to significant data breaches and rising costs. It highlights the need for better coordination and resources to address these risks, including developing specific cybersecurity strategies and updating the sector-specific plan. The legislation also addresses the need for training and support for healthcare providers to enhance their cybersecurity capabilities.
A crucial aspect of the Act is its focus on high-risk assets within the healthcare sector. It mandates the establishment of criteria and methodologies to identify and prioritize these assets for enhanced protection. Regular updates to the list of high-risk assets will help allocate resources more effectively and improve overall cyber resilience.
Additionally, the Act requires a report to Congress on the support and activities provided by CISA to the healthcare sector. This includes evaluating the effectiveness of cybersecurity measures and identifying areas for improvement. The goal is to ensure that healthcare organizations are well-prepared to handle cyber threats and maintain the security of sensitive patient information.
Reference: