AHA Expresses Support for Healthcare Cybersecurity Act
US Representatives Jason Crow and Brian Fitzpatrick recently introduced a House companion to the Healthcare Cybersecurity Act, which advanced in the Committee on Homeland Security and Governmental Affairs in March.
Source: Getty Images
By Jill McKeon
- The American Hospital Association (AHA) expressed its support for the Healthcare Cybersecurity Act (S.3904/H.R.8806) in a letter by AHA Executive Vice President Stacey Hughes to US Representatives Jason Crow (D-CO) and Brian Fitzpatrick (R-PA).
Crow and Fitzpatrick recently introduced a House companion to the Senate bill, which advanced in the Committee on Homeland Security and Governmental Affairs in late March.
If passed, the bill would require the Cybersecurity and Infrastructure Security Agency (CISA) to collaborate with HHS to improve healthcare cybersecurity by making resources and providing cybersecurity training to healthcare asset owners.
In addition, the bill placed an emphasis on evaluating rural healthcare cybersecurity risks and tackling the ongoing cybersecurity workforce shortage.
“We appreciate that the bill calls for an analysis of cybersecurity risks to the HPH sector with a focus on impacts to rural hospitals, vulnerabilities of medical devices, and cybersecurity workforce shortages, among other important issues,” the AHA letter stated.
“We also support the development of coordinated national defensive measures, an expansion of the cybersecurity workforce, disruption of bad actors that target U.S. critical infrastructure, and the utilization of a ‘whole of government’ approach to increasing risk and consequences for those who commit attacks.”
Specifically, the Healthcare Cybersecurity Act would require CISA to conduct a study on how cybersecurity risks impact healthcare assets, the challenges faced in securing updated information systems, and an assessment of the cybersecurity workforce shortage.
“Great strides have been made by hospitals and health systems to defend provider networks, secure patient data, preserve health care delivery and, most importantly, protect patient safety,” Hughes wrote.
“This bill takes first steps towards addressing many of the cybersecurity challenges facing hospitals and health systems.”
In May, The US Senate Committee on Health, Education, Labor, and Pensions (HELP) held a full committee hearing to discuss the need for an increased focus on education and healthcare cybersecurity. Citing the cybersecurity workforce shortage and healthcare’s reliance on legacy systems, experts urged Congress to further prioritize healthcare cybersecurity.
In August, US Senator Angus King (I-ME) and Representative Mike Gallagher (R-WI) urged HHS to bolster cybersecurity efforts and called on HHS to hold an urgent briefing on the administration’s current cybersecurity posture and plans for improvement.
Although the industry has made significant progress on its own, federal guidance could go a long way in strengthening healthcare cybersecurity.
