Ranking Member Cassidy, Colleagues Introduce Legislation to Strengthen Cybersecurity in Health Care Sector as Part of Bipartisan Working Group


WASHINGTON – Today, U.S. Senators Bill Cassidy, M.D. (R-LA), ranking member of the Senate Health, Education, Labor, and Pensions (HELP) Committee, Mark Warner (D-VA), John Cornyn (R-TX), and Maggie Hassan (D-NH) introduced legislation to strengthen cybersecurity in the health care sector and protect Americans’ health data. This legislation is a product of the senators’ health care cybersecurity working group launched last year.

“Cyberattacks on our health care sector not only put patients’ sensitive health data at risk but can delay life-saving care,” said Dr. Cassidy. “This bipartisan legislation ensures health institutions can safeguard Americans’ health data against increasing cyber threats.” 

“Cyberattacks on our health care systems and organizations not only threaten personal and sensitive information, but can have life-and-death consequences with even the briefest period of interruption. I’m proud to introduce this bipartisan legislation that strengthens our cybersecurity and better protects patients,” said Senator Warner.

“In an increasingly digital world, it is essential that Americans’ health care data is protected,” said Senator Cornyn. “This commonsense legislation would modernize our health care institutions’ cybersecurity practices, increase agency coordination, and provide tools for rural providers to prevent and respond to cyberattacks.” 

“Cyberattacks in the health care sector can have a wide range of devastating consequences, from exposing private medical information to disrupting care in ERs – and it can be particularly difficult for medical providers in rural communities with fewer resources to prevent and respond to these attacks,” said Senator Hassan. “Our bipartisan working group came together to develop this legislation based on the most pressing needs for medical providers and patients, and I urge my colleagues to support it.”

The Health Care Cybersecurity and Resiliency Act of 2024: 

  • Strengthens cybersecurity in the health care sector by providing grants to health entities to improve cyberattack prevention and response.  
    • Provides training to health entities on cybersecurity best practices.  
  • Supports rural communities by providing best practices to rural health clinics and other providers on cybersecurity breach prevention, resilience, and coordination with federal agencies. 
  • Improves coordination between the Department of Health and Human Services (HHS) and Cybersecurity and Infrastructure Security Agency (CISA) to better respond to cyberattacks in the health care sector. 
  • Modernizes current regulations so entities covered under the Health Insurance Portability and Accountability Act (HIPAA) use the best cybersecurity practices. 
  • Requires the HHS Secretary to develop and implement a cybersecurity incident response plan. 


BACKGROUND

Unlike other personal records such as credit card numbers, health records are more valuable on the black market because health conditions are permanent and cannot be reissued.

According to HHS, a record 89 million Americans had their health information breached in 2023, more than double the 2022 figure. These cyberattacks severely impact health care operations, costing an average of $10 million per breach and leading to an interruption or long-term delay in care. In 2022 in Louisiana, hackers compromised almost 270,000 personal records, including health information.