Congress·Reported·4 days ago

Congress Proposes New Cybersecurity Rules and Grants to Protect Hospitals from Cyberattacks

Legislative Progress

Filed
Review
Senate
House
President

Impact Analysis

Scores: 1 = low, 5 = high. Sentiment: -5 to +5 (net benefit).

Key Points

  • This bill requires the Department of Health and Human Services to set new security rules for hospitals and health clinics. These rules include using multi-factor authentication—like a code sent to your phone—and encrypting patient data to make it much harder for hackers to steal personal medical information.
  • Healthcare providers, including hospitals, rural clinics, and community health centers, would be required to upgrade their computer systems. To help with the cost, the government would provide grants that these facilities can use to hire security experts, train staff, and replace old, vulnerable software.
  • Cyberattacks on hospitals have increased, sometimes forcing doctors to cancel appointments or leaking private records. By creating a national response plan and better sharing of threat information between agencies, the government aims to keep medical services running smoothly even during a digital attack.
  • If a data breach happens, the bill requires more transparency for the public. The government’s public reporting website would have to show exactly how many people were affected and what specific steps the healthcare company took to fix the problem and prevent it from happening again.
  • Small town and rural health centers often have fewer resources to fight hackers. The bill specifically orders new guidance and support tailored to these rural areas to ensure patients in every part of the country have their medical data protected.
Healthcare · Technology Digital

Milestones

3 milestones · 3 actions
Feb 26, 2026 · Senate

Committee on Health, Education, Labor, and Pensions. Ordered to be reported with an amendment in the nature of a substitute favorably.

Dec 2, 2025 · Senate

Read twice and referred to the Committee on Health, Education, Labor, and Pensions.

Dec 2, 2025

Introduced in Senate

What Happens Next

Projected impacts based on AI analysis

Within 1 year of enactment

HHS must develop a cybersecurity incident response plan and issue rural cybersecurity guidance

Within one year of enactment, hospitals and clinics would have clearer federal guidance on preparing for and recovering from cyberattacks, and rural facilities would get tailored best practices for improving their digital defenses.

1-3 years after enactment

New mandatory cybersecurity standards (encryption, multi-factor authentication, penetration testing) take effect for healthcare providers

Hospitals, clinics, and health insurance companies would need to meet stricter security requirements to protect patient data. The exact compliance deadline would be set by HHS to give facilities reasonable time to upgrade.

Within 3 years of enactment

GAO reports on how well rural health facilities have implemented cybersecurity guidance

Congress would get a formal assessment of whether rural clinics and hospitals actually improved their cyber defenses, which could lead to follow-up legislation or additional funding.

Source Information

Document Type

Congressional Bill

Official Title

Health Care Cybersecurity and Resiliency Act of 2025

Bill Number: S 3315
Congress: 119th Congress
Chamber: Senate
Latest Action: Committee on Health, Education, Labor, and Pensions. Ordered to be reported with an amendment in the nature of a substitute favorably.

Sponsor

Cosponsors

(3)
D: 2 · R: 1

Analysis generated by AI. While we strive for accuracy, this should not be considered legal or professional advice. Always verify information with official government sources.