US Healthcare Security

US legislators have introduced a new Healthcare Cybersecurity Bill to Congress, designed to expand the federal government's role in preventing and responding to breaches of Americans' medical data. Congressman Jason Crow (D-CO) introduced the bipartisan legislation on June 10 as part of efforts to tackle surging healthcare data breaches in the US. In January 2025, it was reported that the personal and medical data records of 190 million US citizens were impacted by the Change Healthcare ransomware attack in 2024 alone. The Change Healthcare incident also resulted in significant disruption to patient care.[1]

The Healthcare Cybersecurity Bill would specifically require the Cybersecurity and Infrastructure Security Agency (CISA) and the US Department of Health and Human Services (HHS) to collaborate on improving cybersecurity in both the healthcare and public health sectors.

The collaboration efforts include:

  • Facilitating the sharing of cyber threat intelligence between the agency and the department to improve understanding of cyber risks in healthcare.
  • CISA providing training to owners and operators of healthcare organizations on how to mitigate those risks.
  • HHS and CISA creating a healthcare sector-specific risk management plan, including an evaluation of best practices for how the government can support the security of covered technologies, services, and utilities before, during, and after data breaches.
  • Establishing objective criteria for identifying high-risk assets in the healthcare sector and notifying the owners and operators of those assets.
  • CISA submitting reports to Congress on the support and activities it has provided to the healthcare and public health sector to prepare proactively for cyber threats.

Congressman Brian Fitzpatrick (R-PA), who joined Crow in introducing the Bill, commented: “This bipartisan bill takes direct, strategic action: empowering CISA and HHS to coordinate real-time threat sharing, expanding cybersecurity training for providers, and establishing a dedicated liaison to bolster response.  We’re not just responding to attacks, we’re building the infrastructure to prevent them, protect patient privacy, and defend a vital pillar of our national security.”

In January 2025, HHS announced plans to update the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, requiring healthcare providers to implement enhanced security measures for individuals' protected health information (PHI). This includes requiring regulated entities to use a specified level of authentication for access to relevant IT systems and mandating continuous testing of their security measures.


This article is shared at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122


[1] https://www.infosecurity-magazine.com/news/congress-bill-healthcare/
