Legislation would improve health care systems’ cybersecurity

Legislation recently introduced in the U.S. Senate would improve the American health care system’s cybersecurity.

The Health Infrastructure Security and Accountability Act would require the Department of Health and Human Services to develop and enforce minimum cybersecurity standards for health care providers, health plans, clearinghouses and business associates.

The bill also would remove the existing cap on fines under the Health Insurance Portability and Accountability Act. Removing the cap would allow the regulator to issue fines large enough to deter mega-corporations that ignore cybersecurity standards. The bill also would provide funding for hospitals, particularly low-resource hospitals, to improve their cybersecurity.

“Mega-corporations like UnitedHealth are flunking Cybersecurity 101, and American families are suffering as a result,” U.S. Sen. Ron Wyden (D-OR), Senate Finance Committee chairman, said. “The health care industry has some of the worst cybersecurity practices in the nation despite its critical importance to Americans’ well-being and privacy. These commonsense reforms, which include jail time for CEOs that lie to the government about their cybersecurity, will set a course to beef up cybersecurity among health care companies across the nation and stem the tide of cyberattacks that threaten to cripple the American health care system.”

Wyden urged the Biden Administration in June to investigate UnitedHealth Group and hold the company accountable for its lax cybersecurity.