118 S1560 RS: Rural Hospital Cybersecurity Enhancement Act
U.S. Senate
2024-05-09
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.
1.This Act may be cited as the Rural Hospital Cybersecurity Enhancement Act
.2.In this Act:(1)Appropriate committees of CongressThe term appropriate committees of Congress
means—(A)the Committee on Homeland Security and Governmental Affairs of the Senate; and(B)the Committee on Homeland Security of the House of Representatives. (2)The term Director means the Director of the Cybersecurity and Infrastructure Security Agency.(3)The term rural hospital means a healthcare facility that—(A)is located in a non-urbanized area, as determined by the Bureau of the Census; and(B)provides inpatient and outpatient healthcare services, including primary care, emergency care, and diagnostic services.(4)The term Secretary means the Secretary of Homeland Security.3.Rural hospital cybersecurity workforce development strategy(a)Not later than 1 year after the date of enactment of this Act, the Secretary, acting through the Director, shall develop and transmit to the appropriate committees of Congress a comprehensive rural hospital cybersecurity workforce development strategy to address the growing need for skilled cybersecurity professionals in rural hospitals.(b)(1)In carrying out subsection (a), the Secretary and Director may consult with the Secretary of Health and Human Services, the Secretary of Education, and the Secretary of Labor.(2)In carrying out subsection (a), the Secretary shall consult with rural healthcare providers from each geographic region in the United States.(c)The rural hospital cybersecurity workforce development strategy developed under subsection (a) shall, at a minimum, consider the following components:(1)Partnerships between rural hospitals, educational institutions, private sector entities, and nonprofit organizations to develop, promote, and expand cybersecurity education and training programs tailored to the needs of rural hospitals.(2)The development of a cybersecurity curriculum and teaching resources that focus on teaching technical skills and abilities related to cybersecurity in rural hospitals for use in community colleges, vocational schools, and other educational institutions located in rural areas.(3)Recommendations for legislation, rulemaking, or guidance to implement the components of the rural hospital cybersecurity workforce development strategy.(d)Not later than 60 days after the date on which the first full fiscal year ends following the date on which the Secretary transmits the rural hospital cybersecurity workforce development strategy developed under subsection (a), and not later than 60 days after the date on which each fiscal year thereafter ends, the Secretary shall submit to the appropriate committees of Congress a report that includes, at a minimum, information relating to—(1)updates to the rural hospital cybersecurity workforce development strategy, as appropriate;(2)any programs or initiatives established pursuant to the rural hospital cybersecurity workforce development strategy, as well as the number of individuals trained or educated through such programs or initiatives;(3)additional recommendations for legislation, rulemaking, or guidance to implement the components of the rural hospital cybersecurity workforce development strategy; and(4)the effectiveness of the rural hospital cybersecurity workforce development strategy in addressing the need for skilled cybersecurity professionals in rural hospitals.4.Instructional materials for rural hospitals(a)Not later than 1 year after the date of enactment of this Act, the Director shall make available instructional materials for rural hospitals that can be used to train staff on fundamental cybersecurity efforts.(b)In carrying out subsection (a), the Director shall—(1)consult with experts in cybersecurity education and rural healthcare experts;(2)identify existing cybersecurity instructional materials that can be adapted for use in rural hospitals and create new materials as needed; and(3)conduct an awareness campaign to promote the materials available to rural hospitals developed under subsection (a).5.Any action undertaken pursuant to this Act shall not be subject to chapter 10 of title 5, United States Code. 1.This Act may be cited as the Rural Hospital Cybersecurity Enhancement Act
.2.In this Act:(1)The term agency has the meaning given the term in section 551 of title 5, United States Code.(2)Appropriate committees of CongressThe term appropriate committees of Congress
means—(A)the Committee on Homeland Security and Governmental Affairs of the Senate; and(B)the Committee on Homeland Security of the House of Representatives. (3)The term Director means the Director of the Cybersecurity and Infrastructure Security Agency.(4)The term geographic division means a geographic division that is among the 9 geographic divisions determined by the Bureau of the Census. (5)The term rural hospital means a healthcare facility that—(A)is located in a non-urbanized area, as determined by the Bureau of the Census; and(B)provides inpatient and outpatient healthcare services, including primary care, emergency care, and diagnostic services.(6)The term Secretary means the Secretary of Homeland Security.3.Rural hospital cybersecurity workforce development strategy(a)Not later than 1 year after the date of enactment of this Act, the Secretary, acting through the Director, shall develop and transmit to the appropriate committees of Congress a comprehensive rural hospital cybersecurity workforce development strategy to address the growing need for skilled cybersecurity professionals in rural hospitals.(b)(1)In carrying out subsection (a), the Secretary and Director may consult with the Secretary of Health and Human Services, the Secretary of Education, the Secretary of Labor, and any other appropriate head of an agency.(2)In carrying out subsection (a), the Secretary shall consult with not less than 2 representatives of rural healthcare providers from each geographic division in the United States.(c)The rural hospital cybersecurity workforce development strategy developed under subsection (a) shall, at a minimum, consider the following components:(1)Partnerships between rural hospitals, non-rural healthcare systems, educational institutions, private sector entities, and nonprofit organizations to develop, promote, and expand the rural hospital cybersecurity workforce, including through education and training programs tailored to the needs of rural hospitals.(2)The development of a cybersecurity curriculum and teaching resources that focus on teaching technical skills and abilities related to cybersecurity in rural hospitals for use in community colleges, vocational schools, and other educational institutions located in rural areas.(3)Identification of—(A)cybersecurity workforce challenges that are specific to rural hospitals, as well as challenges that are relative to hospitals generally; and (B)common practices to mitigate both sets of challenges described in subparagraph (A). (4)Recommendations for legislation, rulemaking, or guidance to implement the components of the rural hospital cybersecurity workforce development strategy.(d)Not later than 60 days after the date on which the first full fiscal year ends following the date on which the Secretary transmits the rural hospital cybersecurity workforce development strategy developed under subsection (a), and not later than 60 days after the date on which each fiscal year thereafter ends, the Secretary shall provide a briefing to the appropriate committees of Congress that includes, at a minimum, information relating to—(1)updates to the rural hospital cybersecurity workforce development strategy, as appropriate;(2)any programs or initiatives established pursuant to the rural hospital cybersecurity workforce development strategy, as well as the number of individuals trained or educated through such programs or initiatives;(3)additional recommendations for legislation, rulemaking, or guidance to implement the components of the rural hospital cybersecurity workforce development strategy; and(4)the effectiveness of the rural hospital cybersecurity workforce development strategy in addressing the need for skilled cybersecurity professionals in rural hospitals.4.Instructional materials for rural hospitals(a)Not later than 1 year after the date of enactment of this Act, the Director shall make available instructional materials for rural hospitals that can be used to train staff on fundamental cybersecurity efforts.(b)In carrying out subsection (a), the Director shall—(1)consult with appropriate heads of agencies, experts in cybersecurity education, and rural healthcare experts;(2)identify existing cybersecurity instructional materials that can be adapted for use in rural hospitals and create new materials as needed; and(3)conduct an awareness campaign to promote the materials available to rural hospitals developed under subsection (a).5.No additional funds are authorized to be appropriated for the purpose of carrying out this Act. May 9, 2024Reported with an amendment