118 S3773 IS: Strengthening Cybersecurity in Health Care Act
U.S. Senate
2024-02-08
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.
1.This Act may be cited as the Strengthening Cybersecurity in Health Care Act
.2.Evaluation of HHS cybersecurity(a)Not later than 2 years after the date of enactment of this Act, and every 2 years thereafter, the Inspector General of the Department of Health and Human Services shall evaluate the cybersecurity practices and protocols of the Department through the conduct of penetration tests and other testing procedures to determine how systems processing, transmitting, or storing mission critical or sensitive data by, for, or on behalf of the Department is currently, or could be compromised and—(1)expose patient data, including Medicare numbers of individuals; or(2)impact patient safety. (b)Not later than 2 years after the date of enactment of this Act, and every 2 years thereafter—(1)the Secretary of Health and Human Services shall submit to Congress a report that describes how the Secretary will update the cybersecurity practices and protocols of the Department of Health and Human Services to adapt to the latest cyberattack strategies; and(2)the Inspector General of the Department of Health and Human Services shall submit to Congress a report that describes—(A)how the Inspector General is currently using Federal funds of the Inspector General to carry out subsection (a); and(B)additional funding or legislative changes required for the Inspector General to maintain the evaluation described in subsection (a).