Congresswoman Robin Kelly (IL-02) introduced legislation that would improve cybersecurity standards for hospitals. The Healthcare Cybersecurity Improvement Act (H.R. 10455) was introduced in the wake of increased ransomware attacks on hospitals. A total of 258 hospitals experienced ransomware attacks in 2023, a 128 percent increase compared to the year prior. This caused delayed medical procedures, disrupted patient care, rescheduled medical appointments, and strained acute care provisioning and capacity. The Healthcare Cybersecurity Improvement Act is supported by the cybersecurity organization, I Am the Cavalry. The Healthcare Cybersecurity Improvement Act proposes four changes to help protect patients’ healthcare data:

Places in statute the Healthcare Cybersecurity Coordination Center (HC3) so the office can continue its important work.

Creates an initial grant program with $100 million to boost the cybersecurity efforts of small- and medium-sized hospitals.

Requires the HHS to create basic cybersecurity standards to then be included as a Condition of Participation for hospitals receiving Medicare funding.

Creates liability protection so larger healthcare systems can provide smaller health centers access to cyber resources without fear of liability.