Four senators have introduced a bipartisan bill to improve cybersecurity in the healthcare sector and safeguard health data of Americans.

The proposed Health Care Cybersecurity and Resiliency Act of 2024 was developed by the lawmakers through a bipartisan healthcare cybersecurity working group that launched in 2023, Sen. Maggie Hassan’s office said Friday.

What Would the Bill Do?

The proposed measure would provide grants to health organizations to enhance cyberattack prevention and response, provide training to health entities on cybersecurity best practices and require the secretary of the Department of Health and Human Services, or HHS, to implement a cybersecurity incident response plan.

The legislation would offer best practices to rural health clinics and other providers on how to prevent cybersecurity breaches, improve resilience and coordinate with federal agencies.

The bill also seeks to improve coordination between HHS and the Cybersecurity and Infrastructure Security Agency to facilitate response to cyberattacks in the healthcare sector.

“Cyberattacks on our health care sector not only put patients’ sensitive health data at risk but can delay life-saving care,” Sen. Bill Cassidy, R-La.“This bipartisan legislation ensures health institutions can safeguard Americans’ health data against increasing cyber threats.”

Cassidy, the Senate Health, Education, Labor and Pensions Committee’s ranking member, introduced the bill with Sens. Maggie Hassan, D-N.H., Mark Warner, D-Va., and John Cornyn, R-Texas.

Register here for the Potomac Officers Club’s 2024 Healthcare Summit on Dec. 11. Join this key event to explore the transformative trends and innovations shaping the future of the U.S. healthcare sector.

The Government Accountability Office recommends that the National Cyber Director take the lead in coordinating the U.S. strategy in quantum computing cybersecurity.

Lack of Coordinating Federal Agency

The government watchdog made the proposal in a recent report, released Thursday, where it was pointed out that within the next decade or two, a quantum computer may be developed that is capable of overcoming the cryptography being used to secure systems and data. Despite the threat posed by such a computer — known as a cryptographically relevant quantum computer, or CRQC — no single agency is tasked with coordinating the various efforts across the U.S. government that is being undertaken to build up a national strategy.

Strategy Objectives & Characteristics

According to GAO, a national quantum computing cybersecurity strategy would have three objectives, namely: the standardization of post quantum cryptography, or PQC; the migration of federal systems to PQC; and the preparation of all sectors for PQC. Such a strategy should also feature three desirable characteristics, namely: it offers a definition of the problem and a risk assessment; it articulates its purpose, scope and methodology; and it lists objectives, activities, milestones and performance measures.

GAO notes that due to the lack of a singular coordinating federal agency, these characteristics are not fully addressed in the multiple documents that comprise the emerging U.S. national strategy for quantum cybersecurity.

“If the [Office of the National Cyber Director] embraces this role and ensures that the strategy fully addresses the desirable characteristics, the nation will have a better-defined roadmap for allocating resources and holding participants accountable,” GAO said in its report.