Healthcare providers, health plans, and connected entities across the U.S. would be subjected to minimum cybersecurity standards under the new Health Infrastructure Security and Accountability Act introduced by Senate Finance Committee Chair Ron Wyden, D-Ore., and Senate Intelligence Committee Chair Mark Warner, D-Va., reports CyberScoop.
Such a bill, which comes months after the widespread breach of Change Healthcare stemming from the absence of multi-factor authentication, would not only mandate data security audits from the Department of Health and Human Services but also impose jail times for healthcare executives making false cybersecurity claims. Implementation of more robust cybersecurity standards will be supported by $800 million in up-front investment payments for rural and urban safety net health providers and $500 million for all other hospitals, according to the legislation. "Clear accountability measures and mandatory cybersecurity requirements for all organizations that hold sensitive data are essential. We are grateful for Senator Wyden and Senator Warner’s leadership and look forward to continuing to work together on this legislation to strengthen cyber resiliency across our entire healthcare ecosystem," said HHS Deputy Secretary Andrea Palm.