Lawmakers in the United States have proposed a new bill, which aims to enhance the cybersecurity of America's healthcare and public health (HPH) sector.
The bill, known as the Healthcare Cybersecurity Act (S.3904), was put forward by US senators Jacky Rosen and Bill Cassidy on Thursday, following a White House warning over the increased risk to America of cyber-threats stemming from Russia.
“Health centers save lives and hold a lot of sensitive, personal information," said Cassidy, "This makes them a prime target for cyber-attacks.
“This bill protects patients’ data and public health by strengthening our resilience to cyber warfare.”
A key goal of the act is to improve collaboration between the US Department of Health and Human Services (HHS) and the US Cybersecurity and Infrastructure Security Agency (CISA).
The proposed legislation requires CISA to complete a detailed study on cybersecurity risks facing the HPH sector and work with the HHS on a range of cybersecurity measures to boost the sector's virtual defenses.
CISA's study would include “an analysis of how cybersecurity risks specifically impact health care assets, an evaluation of the challenges health care assets face in securing updated information systems and an assessment of relevant cybersecurity workforce shortages.”
If approved, the bill would authorize cybersecurity training for HPH sector operators to raise awareness of cybersecurity risks and the most effective methods of mitigating them.
"This bipartisan proposal provides good baby steps to dealing with the problem," commented John Bambenek, Principal Threat Hunter at security operations company, Netenrich.
He added that CISA and HHS need to identify a way to deal with the risks to healthcare cybersecurity that are created by the regulatory environment in which healthcare operates.
"Requiring cybersecurity training for healthcare operators is a nice first step, but ultimately, someone needs to pay real money to remediate the threats," said Bambenek.
"Unlike in almost every other vertical, the price of failure of cybersecurity in healthcare can be measured in loss of life and that means a real commitment in the healthcare sector, government and healthcare IT vendors needs to be undertaken to make sure patients are kept safe."