US Senate introduces bill for Healthcare Cybersecurity Act
June 11, 2025 |
By far and away the most targeted sites for hackers are health organisations, hospitals and health insurers. Those bodies hold vast troves of personal information and traditionally have weak cyber protection.
Senate Bill 1851 is the Healthcare Cybersecurity Act of 2025. It directs the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to collaborate and work with healthcare to provide guidance and training on cybersecurity issues. It also directs the CISA to establish criteria to determine whether a covered asset may be designated as a high-risk covered asset. This criteria is taken from the Critical Infrastructure Protection Act. Australia also has a critical infrastructure legislation.
The press release provides:
WASHINGTON – U.S. Senators Todd Young (R-Ind.) and Jacky Rosen (D-Nev.) introduced the Healthcare Cybersecurity Act to bolster the health care and public health sectors’ cybersecurity. The bill would direct the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to collaborate on improving cybersecurity and make resources available to non-federal entities relating to cyber threat indicators and appropriate defense measures. It would also create a special liaison to HHS from CISA to support cybersecurity for health care and public health sector entities.
“In recent years, hospitals and other health care facilities in Indiana and across America have experienced a dramatic increase in cyberattacks,” said Senator Young. “Our bipartisan bill will take critical steps to strengthen cybersecurity infrastructure and better protect patients’ personal data.”
“For years, America’s health care system has faced devastating cyberattacks that have exposed patients’ data, jeopardized access to care, and hurt local and rural medical facilities across Nevada,” said Senator Rosen. “I’m introducing this bipartisan legislation to increase coordination to prevent cybersecurity attacks and make more resources available to hospitals and health care entities to improve their cybersecurity. I’ll keep working with both parties to strengthen our cybersecurity and protect Nevadans from cybercriminals.”
The Bill is found here.