June 15, 2023
In a significant step toward strengthening cybersecurity in rural hospitals, the Senate Committee on Homeland Security and Governmental Affairs (HSGAC) advanced the Rural Hospital Cybersecurity Enhancement Act on June 14, 2023. The bill, introduced by Sen. Josh Hawley of Missouri in collaboration with HSGAC Chairman Gary Peters, addresses the critical need for skilled cybersecurity professionals and improved digital security protocols in rural hospitals.
With cyber threats becoming increasingly prevalent, especially for vulnerable healthcare facilities, this legislation marks a significant effort to protect sensitive medical data and enhance national security.
Table of Contents
Rural Hospital Cybersecurity Enhancement Act Gains Traction in Senate Committee
The latest action on Congress.gov shows that the Rural Hospital Cybersecurity Enhancement Act was already ordered to be “reported with an amendment in the nature of a substitute favorably.” This means that the HSGAC has advanced the bill with modifications to the full Senate for further consideration and potential approval. This notable development will hopefully be a step toward strong cybersecurity measures, data privacy best practices, and patient data protection in rural hospitals nationwide.
Hawley and Peters Introduce S.1560 to Improve Cybersecurity in Rural Hospitals
The Rural Hospital Cybersecurity Enhancement Act (S.1560) was introduced by Sen. Josh Hawley and HSGAC Chairman Gary Peters on May 11, 2023. The website of Sen. Josh Hawley quoted the two public officials on the importance of the said bill:
“Congress must take action to shore up the ability of small-town hospitals to defend themselves from cyberattacks,” said Senator Hawley. “By working to improve cybersecurity preparedness and develop a robust cybersecurity workforce in rural hospitals, we can help protect the sensitive medical and personal data of American patients and defend our national security.”
“Ransomware attacks against hospitals and health care systems that compromise sensitive medical information and disrupt patient care must be stopped. Unfortunately, small and rural hospitals often lack the resources to invest in cybersecurity defenses and staff to prevent these breaches,” said Senator Peters. “This bipartisan legislation will require the federal government to ensure our most vulnerable health care providers have the necessary tools to protect patient information and provide lifesaving care even as criminal hackers continue to target their networks.”
Addressing the Cybersecurity Skills Shortage in Rural Hospitals
Unlike their larger urban counterparts, rural hospitals often lack full-time cybersecurity personnel and are particularly vulnerable to cyberattacks. Cybercriminals target these smaller organizations as much as bigger healthcare facilities. However, rural hospitals usually lack resources and the necessary budget to address cyber attacks. Recognizing this disparity, the Rural Hospital Cybersecurity Enhancement Act seeks to bridge the cybersecurity skills gap in rural healthcare settings.
5 Key Provisions Of The Rural Hospital Cybersecurity Enhancement Act
The Rural Hospital Cybersecurity Enhancement Act will have the following provisions:
1. Comprehensive workforce development strategy
Within one year of the bill’s enactment, the Secretary of Homeland Security, through the Director of the Cybersecurity and Infrastructure Security Agency (CISA), will develop and transmit a comprehensive rural hospital cybersecurity workforce development strategy. This strategy will address the growing need for skilled cybersecurity professionals in rural hospitals.
2. Collaboration and partnerships
The strategy will consider partnerships between rural hospitals, educational institutions, private sector entities, and nonprofit organizations. Such collaborations will aim to develop, promote, and expand cybersecurity education and training programs tailored to the specific needs of rural hospitals.
3. Cybersecurity curriculum and resources
The bill emphasizes the development of a cybersecurity curriculum and teaching resources that focus on technical skills and abilities relevant to rural hospitals. These materials will be designed for use in community colleges, vocational schools, and other educational institutions located in rural areas.
4. Legislative recommendations
The strategy will provide recommendations for legislation, rulemaking, or guidance to implement its components effectively. This holistic approach aims to create a regulatory framework that supports cybersecurity enhancement efforts in rural hospitals.
5. Instructional materials
The Director of CISA will make available instructional materials for rural hospitals to train their staff on fundamental cybersecurity measures. These materials will be developed with the guidance of cybersecurity education experts and rural healthcare professionals.
The Rural Hospital Cybersecurity Enhancement Act’s advancement by the Senate Committee on Homeland Security and Governmental Affairs signals a crucial commitment to bolstering cybersecurity measures in rural healthcare facilities. This legislation aims to protect American patients’ sensitive medical and personal data and fortify national security by addressing the shortage of cybersecurity professionals and implementing robust digital security protocols.
As the bill progresses through the Senate, it promises to provide rural hospitals with the necessary tools, resources, and collaborative networks to combat cyber threats effectively. Hopefully, the Rural Hospital Cybersecurity Enhancement Act will be a significant step toward securing rural communities’ healthcare infrastructure to ensure that patients in these areas receive the highest quality of care.
