Light Dark
August 24, 2022 By Jennifer Gregory 2 min read
News

U.S. Senators Jacky Rosen (D-NV) and Bill Cassidy, MD (R-LA) recently proposed the Healthcare Cybersecurity Act of 2022 to Congress. This new bill aims to reduce cybersecurity attacks and data breaches in the healthcare and public health industries. The plan: an improved partnership between the U.S. Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency (CISA), which is an agency of the Department of Homeland Security. The bill is currently going through the introductory process in the Senate.

Cybersecurity issues facing the healthcare industry

The IBM Security X-Force Threat Intelligence Index 2022 ranked healthcare as the sixth most attacked industry. It made up 5.1% of all attacks X-Force observed in 2021. They found that most attacks against healthcare groups (57%) were vulnerability exploitations. Attackers also used ransomware (38% of attacks) more often in healthcare-related attacks than in attacks against other industries. Phishing came in third place, comprising 29% of attacks.

“In light of the threat of Russian cyberattacks, we must take proactive steps to enhance the cybersecurity of our healthcare and public health entities,” said Senator Rosen in a press release. “Hospitals and health centers are part of our critical infrastructure and increasingly the targets of malicious cyberattacks, which can result in data breaches, the cost of care being driven up, and negative patient health outcomes. This bipartisan bill will help strengthen cybersecurity protections and protect lives.”

Bill outlines partnership between CISA and HSS

The new bill defines the roles of each agency in the partnership. It also outlines specific actions that the CISA will take. It requires training for healthcare workers and outlines specific areas that CISA will analyze during a detailed study. Details include:

  • Mandating the Cybersecurity and Infrastructure Security Agency (CISA) and Department of Health and Human Services (HHS) to work together on improving cybersecurity in the healthcare and public health sectors, as defined by CISA
  • Authorizing cybersecurity training for healthcare groups on digital risks and ways to mitigate them
  • Requiring CISA to conduct a detailed study on specific risks facing the healthcare industry, including how those risks impact healthcare assets, the challenges these organizations face in securing updated information systems today and an assessment of relevant workforce shortages.

Improving care and privacy

An important element here is outlining the steps and the specific areas to look at. That way, the bill takes practical strides to solve the problem. While the Healthcare Cybersecurity Act of 2022 focuses on the actions of CISA and HHS, the goal is to improve care and privacy for patients.

“Health centers save lives and hold a lot of sensitive, personal information. This makes them a prime target for cyberattacks,” said Dr. Cassidy in a press release. “This bill protects patients’ data and public health by strengthening our resilience to cyber warfare.”

 |  |  |  |  |  |  |  | 
Jennifer Gregory
Cybersecurity Writer

More from News
December 23, 2024

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

November 18, 2024

Research finds 56% increase in active ransomware groups

4 min read - Any good news is welcomed when evaluating cyber crime trends year-over-year. Over the last two years, IBM’s Threat Index Reports have provided some minor reprieve in this area by showing a gradual decline in the prevalence of ransomware attacks — now accounting for only 17% of all cybersecurity incidents compared to 21% in 2021. Unfortunately, it’s too early to know if this trendline will continue. A recent report released by Searchlight Cyber shows that there has been a 56% increase in…

November 4, 2024

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature