Press Releases

Long and Matsui reintroduce revised bill seeking to improve HHS cybersecurity

House Energy and Commerce Committee members Rep. Billy Long (R-MO) and Rep. Doris Matsui (D-CA) today introduced H.R. 4191, the HHS Cybersecurity Modernization Act, legislation to address cyber threats to the Department of Health and Human Services (HHS).

Since last Congress, the Energy and Commerce Committee has held hearings that examined health care cybersecurity efforts and the Health Care Industry Cybersecurity Task Force has released a report detailing actions that should be taken. Recent cybersecurity threats like ‘WannaCry’ and ‘NotPetya’ also tell us that more work is necessary.

The HHS Cybersecurity Modernization Act would support recent efforts at HHS and build upon this by giving the Secretary of HHS the authority to reorganize its cybersecurity personnel and requiring the department to develop and submit a plan regarding the following:

  • The internal coordination between HHS offices that have regulatory authority with regards to health care cybersecurity, and how those offices will coordinate their efforts to provide a “whole-of-department” response to modern cybersecurity challenges.
  • The role of HHS in securing its own internal information systems as compared to its role in providing guidance, information, education, training, and assistance to the health care sector, and how it will differentiate between those two roles.
  • The challenges HHS faces as both the regulator and the Sector Specific Agency for health care, and how it will differentiate between these two roles.

“The cyber threats our nation face are real and growing,” said Rep. Long. “My bill works to increase collaboration between HHS and the health care sector to ensure the protection of Americans’ sensitive personal data. Cybersecurity threats are nothing new, but how we respond to them needs to improve and this bill is an important step in strengthening our cybersecurity efforts at HHS and in the health care community.”

“As technology plays an increasingly important role in our healthcare system, we must ensure that our data security practices keep pace,” said Congresswoman Matsui. “Patients deserve to know that their medical information is safe, and hospitals, manufacturers and insurance companies that handle patient data need guidance to ensure they are following best practices. This bill builds on the legislation Congressman Long and I introduced last Congress, further encouraging HHS to implement the appropriate internal infrastructure that will ensure the agency is prepared to lead the healthcare industry in cybersecurity.”