Bill > S3315

This bill, known as the Health Care Cybersecurity and Resiliency Act of 2025, aims to improve cybersecurity in the healthcare and public health sectors through multiple coordinated efforts. The bill requires the Secretary of Health and Human Services and the Director of the Cybersecurity and Infrastructure Security Agency to work together to enhance cybersecurity, including developing specific cyber threat information products and sharing defensive measures. It mandates the creation of a cybersecurity incident response plan within the Department of Health and Human Services, updates breach reporting requirements to include more detailed information about cybersecurity incidents, and introduces new cybersecurity standards for healthcare entities such as requiring multifactor authentication and encryption of protected health information. The legislation also establishes a grant program to help healthcare organizations adopt cybersecurity best practices, provides special guidance for rural healthcare entities to improve their cyber readiness, and creates training programs to develop a stronger healthcare cybersecurity workforce. Additionally, the bill requires annual reporting on cybersecurity practices and provides flexibility for entities to implement new requirements with reasonable timelines, recognizing the financial and technological challenges of improving cybersecurity infrastructure.

Health and Social Services

https://www.congress.gov/bill/119th-congress/senate-bill/3315/all-info