Community Champion

Senators Introduce Healthcare Cybersecurity Act

A new act is being proposed by two senators to promote collaboration between CISA and HHS that will hopefully improve security across the sector.






2 Replies
Defender I

To read the bill and track its progress through Congress see this page at S.3904

To review the responsibilities and roles CISA already has, check

From that CISA site:

  • "Established in 2018, CISA was created to work across public and private sectors, challenging traditional ways of doing business by engaging with government, industry, academic, and international partners. As threats continue to evolve, we know that no single organization or entity has all the answers for how to address cyber and physical threats to critical infrastructure. By bringing together our insight and capabilities, we can build a collective defense against the threats we face."
  • CISA Plays Two Key Roles
    We Are the Operational Lead for Federal Cybersecurity, or the Federal "dot gov"
    We Are the National Coordinator for Critical Infrastructure Security and Resilience

From that perspective, I consider this bill if passed as such would do only two things:

1. Express a "sense of the Congress" that healthcare cybersecurity is a top priority, making for feel good political campaigning for incumbents.

2. Add nothing to the mission or focus of CISA, which is already responsible for working with both HHS ("Federal") and the healthcare industry in dealing with major cybersecurity concerns, but does add a number of new studies and reports that the already over-taxed CISA analysts and staff must produce, spreading them even thinner in attacking problems like, oh, maybe ransomware in healthcare systems.


Yeah, color me not impressed.


D. Cragin Shelton, DSc
Community Champion

I do not think this will be helpful at all. To me the answer is very simple, why doesn't the US pass a law like GDPR in the EU? I see the CISA as a computerized version of the DOD where every slightest issue will be blown way out of proportion just as a way to justify their spending. We have all heard about their offensive abilities, but shouldn't defense matter more? When government systems are still being compromised it seems like the priorities need to be reexamined! But hey someone for an exploit where you need physical access to a system and even then the impact is very low, better put out a high alert!