THE FOLLOWING RELEASE IS FROM CONGRESSWOMAN ROBIN KELLY’S OFFICE
Cyberattacks against hospitals increased by 128% in 2023
Washington – Congresswoman Robin Kelly (IL-02) introduced legislation that would improve cybersecurity standards for hospitals. The Healthcare Cybersecurity Improvement Act (H.R. 10455) was introduced in the wake of increased ransomware attacks on hospitals.
“When patients put their health in the hands of doctors and healthcare providers, they’re also entrusting their most private data to hospitals’ cybersecurity systems – and the truth is that these systems are not up to par,” said Rep. Kelly. “It has become woefully obvious that hospitals need better standards and investments to help ward off cyberattacks, especially smaller hospitals that need larger capacity and expertise. Americans going into surgery or rushing to the hospital for an emergency should not have to worry whether their doctor’s medical equipment has been hacked or care has to be delayed because of a ransomware attack.”
A total of 258 hospitals experienced ransomware attacks in 2023, a 128% increase compared to the year prior. This caused delayed medical procedures, disrupted patient care, rescheduled medical appointments, and strained acute care provisioning and capacity.
The Healthcare Cybersecurity Improvement Act is supported by the cybersecurity organization, I Am the Cavalry.
“While the Health Insurance Portability and Accountability Act has focused the industry on the confidentiality of data, we have seen worse harms manifest in the form of cyber-disruption, and the attackers show no signs that they will let up,” said Joshua Corman, co-founder of I Am The Cavalry. “These attacks cause degraded patient care with quantifiable increases in worsened outcomes and even losses of life. Congresswoman Robin Kelly has consistently engaged with ethical hackers through I Am The Cavalry on filling these gaps toward more resilience in small, medium, and rural healthcare facilities, so any American can count on timely access to emergency care.”
The Healthcare Cybersecurity Improvement Act proposes four changes to help protect patients’ healthcare data:
- Places in statute the Healthcare Cybersecurity Coordination Center (HC3) so the office can continue its important work.
- Creates an initial grant program with $100 million to boost the cybersecurity efforts of small- and medium-sized hospitals.
- Requires the HHS to create basic cybersecurity standards to then be included as a Condition of Participation for hospitals receiving Medicare funding.
- Creates liability protection so larger healthcare systems can provide smaller health centers access to cyber resources without fear of liability.
