Working to safeguard the nation’s health care system from cyber attacks, U.S. Rep. Billy Long (R-MO) on Wednesday introduced legislation to strengthen cybersecurity in the Department of Health and Human Services (HHS).
H.R. 4191, the HHS Cybersecurity Modernization Act, would expand HHS’s work in cybersecurity through collaboration between HHS and the health care community. The legislation would grant the HHS secretary authority to reorganize its cybersecurity staff and would require developing a plan that differentiates between various agency roles.
“The cyber threats our nation face are real and growing,” said Long, a member of the House Energy and Commerce Committee. “My bill works to increase collaboration between HHS and the health care sector to ensure the protection of Americans’ sensitive personal data.”
The Energy and Commerce Committee has held hearings on health care cybersecurity since the 114th Congress. And the Health Care Industry Cybersecurity Task Force in June released a report on industry cybersecurity improvements and the need to ensure patient safety.
Long’s fellow committee member U.S. Rep. Doris Matsui (D-CA) joined him in introducing the bill.
The plan required under the legislation would call for internal coordination between HHS agencies possessing regulatory authority regarding their health care cybersecurity and those agencies’ coordination on cybersecurity.
The plan would also address issues HHS faces as both a health care regulator and the health care Sector Specific Agency (SSA). As outlined in Presidential Policy Directive 21: Critical Infrastructure Security and Resilience, HHS is the SSA for health care infrastructure protection.
The HHS plan would also be required to distinguish between the agency’s role in internal information system security and its role in providing the health care sector with information, guidance, education, training and technical assistance.
“Cybersecurity threats are nothing new, but how we respond to them needs to improve and this bill is an important step in strengthening our cybersecurity efforts at HHS and in the health care community,” Long concluded.