August 24, 2022 By Jennifer Gregory

U.S. Senators Jacky Rosen (D-NV) and Bill Cassidy, MD (R-LA) recently proposed the Healthcare Cybersecurity Act of 2022 to Congress. This new bill aims to reduce cybersecurity attacks and data breaches in the healthcare and public health industries. The plan: an improved partnership between the U.S. Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency (CISA), which is an agency of the Department of Homeland Security. The bill is currently going through the introductory process in the Senate.

Cybersecurity issues facing the healthcare industry

The IBM Security X-Force Threat Intelligence Index 2022 ranked healthcare as the sixth most attacked industry. It made up 5.1% of all attacks X-Force observed in 2021. X-Force found that most attacks against healthcare groups (57%) were vulnerability exploitations. Attackers also used ransomware (38% of attacks) more often in healthcare-related attacks than in attacks against other industries. Phishing came in third place, comprising 29% of attacks.

“In light of the threat of Russian cyberattacks, we must take proactive steps to enhance the cybersecurity of our healthcare and public health entities,” said Senator Rosen in a press release. “Hospitals and health centers are part of our critical infrastructure and increasingly the targets of malicious cyberattacks, which can result in data breaches, the cost of care being driven up, and negative patient health outcomes. This bipartisan bill will help strengthen cybersecurity protections and protect lives.”

Bill outlines partnership between CISA and HHS

The new bill defines the roles of each agency in the partnership. It also outlines specific actions that CISA will take. It requires training for healthcare workers and outlines specific areas that CISA will analyze during a detailed study. Details include:

  • Mandating the Cybersecurity and Infrastructure Security Agency (CISA) and Department of Health and Human Services (HHS) to work together on improving cybersecurity in the healthcare and public health sectors, as defined by CISA
  • Authorizing cybersecurity training for healthcare groups on digital risks and ways to mitigate them
  • Requiring CISA to conduct a detailed study on specific risks facing the healthcare industry, including how those risks impact healthcare assets, the challenges these organizations face in securing updated information systems today and an assessment of relevant workforce shortages.

Improving care and privacy

An important element of the bill is that it outlines the steps to take and the specific areas to examine. That way, the bill takes practical strides to solve the problem. While the Healthcare Cybersecurity Act of 2022 focuses on the actions of CISA and HHS, the goal is to improve care and privacy for patients.

“Health centers save lives and hold a lot of sensitive, personal information. This makes them a prime target for cyberattacks,” said Dr. Cassidy in a press release. “This bill protects patients’ data and public health by strengthening our resilience to cyber warfare.”
