Today U.S. Senator Josh Hawley’s (R-Mo.) Rural Hospital Cybersecurity Enhancement Act, cosponsored by Senate Homeland Security and Governmental Affairs Committee (HSGAC) Chairman Gary Peters (D-Mich.) and Senator Jon Ossoff (D-Ga.), passed through committee and now heads to the Senate floor.
This legislation was originally introduced in May 2023. It addresses the critical need for skilled cybersecurity professionals and digital security enhancement protocols in rural healthcare settings.
In March, HSGAC members held a hearing that identified rural healthcare facilities as soft targets for cybercriminals. Unlike larger urban hospitals, rural hospitals often have little to no full-time cybersecurity personnel and are particularly exposed to cyberattacks.
The number of attacks on U.S. hospitals each year doubled between 2016 and 2021. The threat of ineffective cybersecurity at rural hospitals is evidenced by multiple recent incidents in Missouri, including one in September 2021 at Missouri Delta Medical Center in Sikeston, MO and a similar attack in December 2022, at Fitzgibbon Hospital in Marshall, MO. Additionally, a rural Illinois hospital recently became the first health care facility to publicly announce it would close its doors due to the consequences of a cyberattack.
“I am encouraged Congress is taking bipartisan action to shore up the ability of small-town hospitals to defend themselves from cyberattacks,” said Senator Hawley. “We must continue working diligently to improve cybersecurity preparedness in rural hospitals to both protect the sensitive medical and personal data of American patients and defend our national security.”
“Ransomware attacks against hospitals and health care systems that compromise sensitive medical information and disrupt patient care must be stopped. Unfortunately, small and rural hospitals often lack the resources to invest in cybersecurity defenses and staff to prevent these breaches,” said Senator Peters. “This bipartisan legislation will require the federal government to ensure our most vulnerable health care providers have the necessary tools to protect patient information and provide lifesaving care even as criminal hackers continue to target their networks.”
The Rural Hospital Cybersecurity Enhancement Act would:
- Require the Cybersecurity and Infrastructure Security Agency (CISA) Director to develop a comprehensive rural hospital cybersecurity workforce development strategy that, at a minimum, considers public-private partnerships, development of curricula and training resources, and policy recommendations.
- Require the CISA Director to create instructional materials for rural hospitals to train staff on fundamental cybersecurity measures.
- Require the Secretary of Homeland Security to report annually to HSGAC and the House Committee on Homeland Security with updates regarding the strategy and any programs that have been implemented pursuant to the strategy.
Read the full bill text here.