Healthcare cybersecurity act proposed by US lawmakers


A new cybersecurity bill has been proposed by lawmakers in the United States. The bill aims to improve the cybersecurity of the healthcare and public health (HPH) sector. US senators Bill Cassidy and Jacky Rosen proposed the legislation, known as the Healthcare Cybersecurity Act (S.3904), following an increase in the risk of cyber-attacks.

“Health centers save lives and hold a lot of sensitive, personal information. This makes them a prime target for cyber-attacks. This bill protects patients’ data and public health by strengthening our resilience to cyber warfare,” said Cassidy.

One of the key aims of the bill is to improve ties between the US Department of Health and Human Services (HHS) and the US Cybersecurity and Infrastructure Security Agency (CISA). 

This means that CISA will be required to conduct detailed research into how the HPH sector is being affected by cybersecurity concerns and also to work with the HHS on various measures to boost the sector’s virtual defenses.

CISA’s study would include: “an analysis of how cybersecurity risks specifically impact health care assets, an evaluation of the challenges health care assets face in securing updated information systems and an assessment of relevant cybersecurity workforce shortages.”

If approved, the bill would authorize cybersecurity training for HPH sector operators to raise awareness of cybersecurity risks and the most effective methods of mitigating them.

“This bipartisan proposal provides good initial steps to dealing with the problem,” commented John Bambenek, Principal Threat Hunter at security operations company Netenrich.

He added that CISA and HHS need to identify a way to deal with the risks to healthcare cybersecurity that are created by the regulatory environment in which healthcare operates.

“Requiring cybersecurity training for healthcare operators is a nice first step, but ultimately, someone needs to pay real money to remediate the threats,” said Bambenek. 

“Unlike in almost every other vertical, the price of failure of cybersecurity in healthcare can be measured in loss of life and that means a real commitment in the healthcare sector, government and healthcare IT vendors needs to be undertaken to make sure patients are kept safe.”
