In Light of Russian Cyber Threats, Rosen & Cassidy Introduce Bipartisan Bill to Improve Cybersecurity in Healthcare and Public Health Sector

White House Warned American Companies This Week to Act Now to Protect Against Potential Russian Cyberattacks

Senator Rosen Continues Leading The Call To Bolster America’s Cybersecurity Posture To Protect Against Russian Retaliation  

WASHINGTON, DC – Today, U.S. Senators Jacky Rosen (D-NV) and Bill Cassidy, MD (R-LA) announced they introduced their bipartisan Healthcare Cybersecurity Act, which would direct the Cybersecurity and Infrastructure Security Agency (CISA) to collaborate with the Department of Health and Human Services on improving cybersecurity in the Health Care and Public Health Sector, one of the United States’ sixteen critical infrastructure sectors. 

Cyberattacks against these entities are increasing in frequency and severity, particularly because they hold large amounts of sensitive patient information and are perceived as vulnerable by malicious actors. Collaboration and information sharing between the public and private sectors is essential to increasing cyber resilience for health-focused entities.

Earlier this week, President Biden and the White House specifically warned American companies to take immediate action to harden their cyber defenses “based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks.” According to a new POLITICO analysis of HHS data released this week, nearly 50 million people in the U.S. had their sensitive health data breached in 2021, a threefold increase in just the last three years.

“In light of the threat of Russian cyberattacks, we must take proactive steps to enhance the cybersecurity of our healthcare and public health entities,” said Senator Rosen. “Hospitals and health centers are part of our critical infrastructure and increasingly the targets of malicious cyberattacks, which can result in data breaches, the cost of care being driven up, and negative patient health outcomes. This bipartisan bill will help strengthen cybersecurity protections and protect lives.”

“Health centers save lives and hold a lot of sensitive, personal information. This makes them a prime target for cyber-attacks,” said Dr. Cassidy. “This bill protects patients’ data and public health by strengthening our resilience to cyber warfare.”

“UMC supports the Healthcare Cybersecurity Act to further protect our patients’ private health care information,” said Mason Van Houweling, CEO of the University Medical Center of Southern Nevada. “As a recent victim of a cybersecurity attack, we understand the importance of collaborating with various agencies to safeguard valuable information through education, mitigation and additional resources.”   

“We appreciate Senator Rosen’s work to provide more visibility and standardization, and her support of health care cybersecurity,” said Steven Ramirez, MHA, MS, Chief Information Security Officer for Renown Health. “This policy will help the health care and public health sectors protect patient information across the country.”

“On behalf of the employees of Elekta’s Henderson, NV facility and all of Elekta, we appreciate Senator Rosen’s leadership on the issue of cybersecurity in the health care sector,” Robert Thomas, Senior Vice President of Corporate and Government Affairs for Elekta Inc. “Cybersecurity is a growing issue of importance, especially regarding our health care solutions and patient information. We thank Senator Rosen for her work in this space and support her continued engagement on the issue.” 

The bipartisan Healthcare Cybersecurity Act would:

  • Require CISA and HHS to collaborate, including by entering into an agreement, to improve cybersecurity in the Healthcare and Public Health sector, as defined by CISA.
  • Authorize cybersecurity training to Healthcare and Public Health sector asset owners and operators on cybersecurity risks and ways to mitigate them. 
  • Require CISA to conduct a detailed study on specific cybersecurity risks facing the Healthcare and Public Health Sector, including an analysis of how cybersecurity risks specifically impact health care assets, an evaluation of the challenges health care assets face in securing updated information systems, and an assessment of relevant cybersecurity workforce shortages.

Senator Rosen has been a leader in calling for strengthening America’s cybersecurity in light of increased Russian cyber threats. Last week, she led a bipartisan group of 22 senators in a letter to Homeland Security Secretary Alejandro Mayorkas asking for a briefing on what the department is doing to protect American cybersecurity from possible Russian attacks. Senator Rosen also introduced a bipartisan bill last week to bolster the cybersecurity of the Department of Veterans Affairs and protect veterans’ information.

Senator Rosen is a member of the Senate Homeland Security and Governmental Affairs Committee, which has jurisdiction over CISA. She and Senator Cassidy are also both members of the Senate Health, Education, Labor and Pensions Committee.