Lawmakers in the United States have proposed a new bill, which aims to enhance the cybersecurity of America's healthcare and public health (HPH) sector.
The bill, known as the Healthcare Cybersecurity Act, was put forward by US senators Jacky Rosen and Bill Cassidy, following a White House warning over the increased risk to America of cyber-threats stemming from Russia.
If approved, the bill would authorize cybersecurity training for HPH sector operators to raise awareness of cybersecurity risks and the most effective methods of mitigating them. CISA and HHS need to identify a way to deal with the risks to healthcare cybersecurity that are created by the regulatory environment in which healthcare operates.
A key goal of the act is to improve collaboration between the US Department of Health and Human Services (HHS) and the US Cybersecurity and Infrastructure Security Agency (CISA).
The proposed legislation requires CISA to complete a detailed study on cybersecurity risks facing the HPH sector and work with the HHS on a range of cybersecurity measures to boost the sector's virtual defenses.
CISA's study would include “an analysis of how cybersecurity risks specifically impact health care assets, an evaluation of the challenges health care assets face in securing updated information systems and an assessment of relevant cybersecurity workforce shortages.”
"Requiring cybersecurity training for healthcare operators is a nice first step, but ultimately, someone needs to pay real money to remediate the threats," said John Bambenek, Principal Threat Hunter at security operations company Netenrich.
"Unlike in almost every other vertical, the price of failure of cybersecurity in healthcare can be measured in loss of life and that means a real commitment in the healthcare sector, government and healthcare IT vendors needs to be undertaken to make sure patients are kept safe."