Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker.
One of a series of recently released US governmental announcements warning of potential Russian cyber threats of cyberattack, Senators Jacky Rosen (D-NV) and Bill Cassidy (R-LA) have introduced the Healthcare Cybersecurity Act of 2022. It aims to direct the Cybersecurity and Infrastructure Security Agency (CISA) to collaborate with the Department of Health and Human Services to improve cybersecurity in the Health Care and Public Health Sector. As only one of the United States’ sixteen critical infrastructure sectors, the effort is broad-based and immediate. Concerning healthcare cybersecurity, the bipartisan bill is designed to bring the power and resources of the federal government to help healthcare organizations protect their resources against hackers.
On March 24, 2022, Rosen stated in a press release:
Cyberattacks against these entities are increasing in frequency and severity, particularly because they hold large amounts of sensitive patient information and are perceived as vulnerable by malicious actors. Collaboration and information sharing between the public and private sectors are essential to increasing cyber resilience for health-focused entities.
According to a new POLITICO analysis of the Department of Health and Human Services (HHS) data released this week, nearly 50 million people in the US had their sensitive health data breached in 2021, a threefold increase in just the last three years.
Dr. Cassidy added:
Health centers save lives and hold sensitive, personal information, making them a prime target for cyber-attacks. This bill protects patients’ data and public health by strengthening our resilience to cyber warfare. In light of the threat of Russian cyberattacks, we must take proactive steps to enhance the cybersecurity of our healthcare and public health entities. Hospitals and health centers are part of our critical infrastructure and increase the targets of malicious cyberattacks, which can result in data breaches, the cost of care being driven up, and adverse patient health outcomes. This bipartisan bill will help strengthen cybersecurity protections and protect lives.
The Healthcare Cybersecurity Act of 2022
If it passes, the Healthcare Cybersecurity Act of 2022 bill will accomplish several strategic goals, including:
- Require the Cybersecurity and Infrastructure Security Agency (CISA) and Department of Health and Human Services (HHS) to collaborate on improving cybersecurity in the healthcare and public health sectors, as defined by the CISA;
- Require the CISA to conduct a detailed study on specific cybersecurity risks facing the healthcare industry, including an analysis of how cybersecurity risks specifically impact healthcare assets, the challenges these organizations face in securing updated information systems, and an assessment of relevant cybersecurity workforce shortages.
President Biden Issues Warning about Possible Russian Cyberattacks
The legislators also referred to the March 21, 2022 announcement described in President Biden Warns of Russian Cyber Threats: The Need for Increased Cybersecurity & Training. The President and White House are asking American companies to take immediate action to harden their cyber defenses based on recent intelligence that the Russian Government is exploring options for potential cyberattacks. If US intelligence is correct, the danger is that Russian hackers may intend to weaken the digital infrastructure of many countries, including Ukraine and the United States.
The proposed legislation is only the latest manifestation of increasing alarm about Russian hackers and how they could potentially damage healthcare cybersecurity and cybersecurity in general. Healthcare groups worldwide are being asked to educate their workforces and harden their security protocols. To educate your workforce or yourself, consider taking Telehealth.org’s HIPAA Compliant Cybersecurity for Professionals, designed to outline immediate steps to improve cyber security for beginners.
HIPAA Compliant Cybersecurity for Professionals
Must-know information about how to protect your telehealth practice from a ransomware attack. Operate w/ EYES WIDE OPEN.