H.R. 3841: Healthcare Cybersecurity Act of 2025
This legislation, known as the Healthcare Cybersecurity Act of 2025, aims to enhance cybersecurity measures in the healthcare and public health sectors in response to increasing cyber threats. Here’s an overview of its main components:
1. Short Title
The Act is officially referred to as the Healthcare Cybersecurity Act of 2025.
2. Key Definitions
The bill defines several terms relevant to its implementation:
- Agency: Refers to the Cybersecurity and Infrastructure Security Agency.
- Covered Asset: Assets within the healthcare and public health sector, including technologies, services, and utilities.
- Cybersecurity State Coordinator: An appointed official responsible for coordinating cybersecurity efforts in the states.
- Department: Refers to the Department of Health and Human Services.
- Director: The head of the Cybersecurity and Infrastructure Security Agency.
- Healthcare and Public Health Sector: Defined by the National Security Memorandum relating to critical infrastructure.
3. Findings
The bill states that:
- Healthcare assets are increasingly at risk of cyberattacks, which can result in data breaches and negatively impact patient health outcomes.
- There has been a substantial increase in cyber breaches in healthcare facilities in recent years.
4. Agency Coordination
The Cybersecurity and Infrastructure Security Agency must coordinate with the Department of Health and Human Services to improve cybersecurity in the sector. This includes:
- Appointing a liaison to help manage cybersecurity issues.
- Supporting the implementation of a specific risk management plan.
- Facilitating the sharing of cyber threat information between agencies.
5. Training Initiatives
The Agency will provide training for owners and operators of healthcare assets to understand cybersecurity risks and how to mitigate these risks.
6. Risk Management Plan Update
Within a year of enactment, the Secretary of Health and Human Services, along with the Director, must update the risk management plan, which should include:
- Analysis of the impact of cyber risks on healthcare assets.
- Challenges faced by operators in securing systems and responding to attacks.
- Best practices for using agency resources.
- Assessment of healthcare workforce shortages related to cybersecurity.
7. Identifying High-Risk Assets
The Secretary may create criteria to identify high-risk healthcare assets and maintain a list that can help prioritize resources for cybersecurity improvements.
8. Reporting Requirements
Several reports are mandated under the legislation:
- A report detailing support provided to healthcare entities to prepare for cyber threats.
- A report on federal resources relating to critical infrastructure that are available to the healthcare sector.
9. Protections and Limitations
The bill includes clauses ensuring that:
- No actions taken under this Act violate existing laws or individual rights protected by the Constitution.
- No additional funding is authorized for carrying out provisions of this Act.
Relevant Companies
None found.
This is an AI-generated summary of the bill text. There may be mistakes.
Sponsors
2 bill sponsors
Actions
2 actions
| Date | Action |
|---|---|
| Jun. 09, 2025 | Introduced in House |
| Jun. 09, 2025 | Referred to the Committee on Homeland Security, and in addition to the Committee on Energy and Commerce, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned. |
Corporate Lobbying
0 companies lobbying
None found.
* Note that there can be significant delays in lobbying disclosures, and our data may be incomplete.
Potentially Relevant Congressional Stock Trades
No relevant congressional stock trades found.