New Bill Places Stronger cyber protections in health care data

In US, the Health Care Cybersecurity and Resiliency Act of 2024 (S.5390) is the culmination of a yearlong effort on protecting the privacy of health care data .

Under the umbrella of the Senate Health, Education, Labor and Pensions Committee, the senators aimed to address a staggering stat from the Health and Human Services Department, which found that 89 million Americans’ health information was breached in 2023, more than twice as many as in 2022. 

The legislation starts with improved coordination between HHS and the Cybersecurity and Infrastructure Security Agency, fostering additional communication so that the agencies can better protect against and respond to cyberattacks in the health care sector. 

It also requires the HHS secretary to develop and implement a cyber incident response plan within a year of the bill’s enactment. The directors of CISA, the Office of Management and Budget and the National Institute of Standards and Technology should be consulted in the development of that plan, the bill states.