On November 22, 2024, Senators Bill Cassidy (R-LA), Mark Warner (D-VA), John Cornyn (R-TX), and Maggie Hassan (D-NH) introduced the proposed Health Care Cybersecurity Resiliency Act of 2024. The bill emerged from a bipartisan initiative through a cybersecurity working group formed in 2023. This legislation builds on a prior proposal, the Health Infrastructure Security and Accountability Act (HISAA), which aimed to establish new baseline cybersecurity standards for healthcare organizations.
Senate Introduces Bipartisan Bill to Strengthen Healthcare Cybersecurity and Support Low-Resourced Organizations
If passed, the bill would require public reporting of any corrective measures taken against regulated entities, along with an assessment of recognized security practices during investigations (where applicable) and other information deemed necessary by the HHS Secretary. The HITECH Act would also be revised to mandate the disclosure of the number of individuals affected by data breaches. Furthermore, the legislation seeks to modernize HIPAA rules by obligating covered entities to adopt advanced cybersecurity measures, including multifactor authentication, and to perform regular penetration tests and audits to verify the strength of their security systems.