On Tuesday, the Senate passed the Cybersecurity Information Sharing Act, a bill that intends to improve cybersecurity by getting companies to share information about their hacking threats with the federal government. Passed by a 74-21 vote, the bill includes a provision co-authored by Alexander and Senate health committee Ranking Member Patty Murray (D-Wash.) that would help protect against health care industry data breaches. A recent Accenture report predicts that healthcare data breaches will cost healthcare systems $305 billion in cumulative lifetime revenue over the next five years.
In February, the Senate health committee announced a bipartisan oversight initiative to examine the security of health information. The committee heard from many health organizations—including health insurers, doctors, hospitals and other businesses—about the need for clear guidance from Health and Human Services (HHS) on ways to safeguard against cyber threats, and for any sense of who at the agency was leading on the issue.
Key Facts to Know for the Healthcare Industry
Section 405 of the Cybersecurity Information Sharing Act would take the following steps to help health insurers, hospitals and doctors keep patients’ personal data secure:
1. Charges HHS and its subdivisions with naming an official who is responsible for leading the agency’s cybersecurity efforts—to coordinate response, and so that health organizations will know who is in charge of offering guidance and support;
2. Requests that the agency issue a report on emerging cyber threats in the health care industry, so both the agency and the American public have an accurate picture of the impact of these attacks;
3. Creates a task force of health industry leaders and cybersecurity experts to identify the biggest challenges in securing against cyber threats and recommend specific solutions to the agency;
4. Charges the task force to create a central resource to distribute cyber intelligence from the federal government to health care organizations in near real time, so they can rapidly respond to active threats;
5. Instructs HHS to create a series of best practices for health industry leaders to follow—on a voluntary basis—to help them keep their organization’s data as secure as possible.