Hawley, Peters Introduce Bill to Improve and Protect Rural Hospitals’ Cybersecurity

Thursday, May 11, 2023

Today U.S. Senator Josh Hawley (R-Mo.) – a member of the Senate Homeland Security and Governmental Affairs Committee (HSGAC) – and HSGAC Chairman Gary Peters (D-Mich.) introduced the Rural Hospital Cybersecurity Enhancement Act, new legislation that addresses the critical need for skilled cybersecurity professionals and digital security enhancement protocols in rural healthcare settings.

This legislation follows a recent HSGAC hearing that identified rural healthcare facilities as soft targets for cybercriminals. Unlike larger urban hospitals, rural hospitals often have little to no full-time cybersecurity personnel and are particularly exposed to cyberattacks.

“Congress must take action to shore up the ability of small-town hospitals to defend themselves from cyberattacks,” said Senator Hawley. “By working to improve cybersecurity preparedness and develop a robust cybersecurity workforce in rural hospitals, we can help protect the sensitive medical and personal data of American patients and defend our national security.”

“Ransomware attacks against hospitals and health care systems that compromise sensitive medical information and disrupt patient care must be stopped. Unfortunately, small and rural hospitals often lack the resources to invest in cybersecurity defenses and staff to prevent these breaches,” said Senator Peters. “This bipartisan legislation will require the federal government to ensure our most vulnerable health care providers have the necessary tools to protect patient information and provide lifesaving care even as criminal hackers continue to target their networks.”

The Rural Hospital Cybersecurity Enhancement Act would:

  • Require the Cybersecurity and Infrastructure Security Agency (CISA) Director to develop a comprehensive rural hospital cybersecurity workforce development strategy that, at a minimum, considers public-private partnerships, development of curricula and training resources, and policy recommendations.
  • Require the CISA Director to create instructional materials for rural hospitals to train staff on fundamental cybersecurity measures.
  • Require the Secretary of Homeland Security to report annually to HSGAC and the House Committee on Homeland Security with updates regarding the strategy and any programs that have been implemented pursuant to the strategy.

Read the full bill text here.