Increased reports of healthcare data breaches across the United States are gaining the attention of lawmakers seeking to protect Americans’ personal health information. Currently, the US Department of Health and Human Services (HHS) is investigating nearly one thousand different breaches of healthcare data systems.
Each breach enables hackers to access the protected health information of at least 500 or more individuals. Consequently, millions of Americans have had their personal health information stolen by unknown actors.
Last year, hackers stole over $7 million in grant money originally designated to the HHS.
In response, US Senators Marco Rubio (R-FL) and Angus King (I-ME) have filed a bill to require HHS to perform consistent evaluations of its cybersecurity systems and report their findings.
The Strengthening Cybersecurity in Health Care Act would compel HHS to perform a biannual review of its cybersecurity defenses through ‘white hat’ hacking.
‘White hat’ hacking refers to processes that seek to identify cybersecurity vulnerabilities in a digital platform through self-performed tests that gauge the strength of such platform’s security.
Biannual reports to congress will have to include how the Secretary of HHS plans to update the cybersecurity practices and protocols of HHS to adapt to the latest cyberattack strategies.
Senator Rubio explained how, following the COVID-19 crisis, cyberattacks against the US healthcare system have increased in strength and vigor.
“Since the pandemic, we have seen a rise in the number of cyberattacks against our healthcare systems. I am proud to introduce the bipartisan Strengthening Cybersecurity in Health Care Act,” said Rubio via press release.
Rubio continued, stating the act “aims to reassure the American people by better safeguarding their sensitive information, ensuring peace of mind during these ever changing times.”
According to HealthITSecurity, more than 540 organizations and 112 million individuals were implicated in healthcare data breaches in 2023 alone.
The largest of such breaches was suffered by HCA Healthcare, which reported a breach impacting over 11 million individuals last July.