Two U.S. senators introduced a bill Sept. 26 that would create minimum cybersecurity standards for hospitals and require them to undergo "stress tests."
The Health Infrastructure Security and Accountability Act would require HHS to develop the standards for providers, payers and clearinghouses and provide $800 million in funding for safety-net hospitals and $500 million for all hospitals to improve their cybersecurity.
"With hacks already targeting institutions across the country, it's time to go beyond voluntary standards and ensure healthcare providers and vendors get serious about cybersecurity and patient safety," bill co-sponsor Sen. Mark Warner, D-Va., said in a Sept. 26 statement.
The bill would also remove the existing caps on cyberattack-related fines under HIPAA, require corporate executives to sign off annually on the requirements or face jail time, have HHS audit at least 20 organizations a year for cybersecurity, and have covered entities submit to independent cybersecurity audits and stress tests to determine if they can promptly restore service after a hack.
A spokesperson for the American Hospital Association, which has opposed minimum cybersecurity standards for hospitals, told Becker's the organization had no comment on the bill.