More than 250 hospitals were targeted by ransomware attacks in 2023, the office of Rep. Robin Kelly, D-Illinois, notes – representing a 128% increase compared to the previous year.

As has been shown over and over, these attacks, beyond being expensive, are disruptive and debilitating, sometimes for weeks, delaying crucial medical procedures, interrupting the flow of patient care, and leading to canceled medical appointments and overworked staff.

Kelly has introduced a new bill she says should help improve cybersecurity preparedness for the smaller hospitals most vulnerable to ransomware and other cyberattacks.

WHY IT MATTERS
Her newly filed legislation, the Healthcare Cybersecurity Improvement Act (H.R. 10455), contains four key provisions:

• It places in statute the Healthcare Cybersecurity Coordination Center (HC3) so the office can continue its work offering information and resources for providers.
• It creates an initial grant program, funded to the tune of $100 million, to boost the cybersecurity efforts of small and medium-sized hospitals.
• It requires HHS to create basic cybersecurity standards to then be included as a condition of participation for hospitals receiving Medicare funding.
• It creates liability protection so larger healthcare systems can provide smaller health centers with access to cyber resources without fear of liability.

Read the full text of the bill here.

"When patients put their health in the hands of doctors and healthcare providers, they're also entrusting their most private data to hospitals' cybersecurity systems – and the truth is that these systems are not up to par," said Kelly in a statement.

THE LARGER TREND
The new bill is supported by the volunteer cybersecurity organization AI Am the Cavalry, which is committed to boosting the cybersecurity of connected medical devices, IT infrastructure and other mission-critical technologies.

Cybercriminals "show no signs that they will let up," I Am the Cavalry cofounder Joshua Corman said in a statement. "These attacks cause degraded patient care with quantifiable increases in worsened outcomes and even losses of life. Congresswoman Robin Kelly has consistently engaged with ethical hackers through I Am the Cavalry on filling these gaps toward more resilience in small, medium and rural healthcare facilities, so any American can count on timely access to emergency care."

Kelly's bill is not the only recent congressional filing focused on extending a helping hand to health systems trying to protect against cyberattacks. In the Senate, the Health Care Cybersecurity and Resiliency Act of 2024 would provide grants to help healthcare organizations strengthen prevention and response - and push for better coordination between HHS and CISA.

Additionally, a public-private partnership – the White House, Microsoft, Google, the American Hospital Association, and the National Rural Health Association – collaborated earlier this year on an initiative to offer grants, free endpoint security advice and other resources for critical access and emergency hospitals.

ON THE RECORD
"It has become woefully obvious that hospitals need better standards and investments to help ward off cyberattacks, especially smaller hospitals that need larger capacity and expertise," said Kelly in a statement. "Americans going into surgery or rushing to the hospital for an emergency should not have to worry whether their doctor's medical equipment has been hacked or care has to be delayed because of a ransomware attack."

Mike Miliard is executive editor of Healthcare IT News
Email the writer: mike.miliard@himssmedia.com
Healthcare IT News is a HIMSS publication.