New Bipartisan Healthcare Cybersecurity Act Aims to Improve Protection Efforts

The News: A bipartisan healthcare cybersecurity act is underway, recently introduced by U.S. Senators Bill Cassidy, M.D. (R-LA) and Jacky Rosen (D-NV). The bill would require the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to collaborate on improving cybersecurity measures across hospitals and healthcare networks. Read the Press Release from Senator Cassidy’s office here.


Analyst Take: The new bipartisan healthcare cybersecurity act is something I don’t find at all difficult to get excited about. Think about it for a moment: How would you feel if strangers were able to access the inside of your medicine cabinet or, even worse, your medical records? Healthcare data is delicate and highly personal, which is why there are many measures in place to protect its confidentiality. However, now that healthcare information is primarily digitized, it is also increasingly vulnerable to cyberattacks.

Research shows that healthcare-related cyber crimes are rising at an alarming rate. Patient information is some of the most sensitive data that exists, making it a hot target for cyber criminals and a significant risk for healthcare organizations. Think it’s not a problem or that it’s not something you need to be worried about? Not the case. In fact, Politico recently reported that nearly 50 million Americans experienced breaches in their health data in 2021 alone, a threefold increase over three years.

That’s why a bipartisan healthcare cybersecurity act is, to my way of thinking, welcome news. In an effort to reverse this trend, U.S. Senators Cassidy and Rosen introduced the Healthcare Cybersecurity Act on March 23rd. The bill directs the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to collaborate on improving cybersecurity measures across hospitals and healthcare networks. It also would authorize cybersecurity risk and mitigation training for Healthcare and Public Health sector asset owners and operators, and direct CISA to study the specific risks and challenges currently faced by organizations in the healthcare sector.

Why is Cybersecurity a Concern for Healthcare Agencies?

Healthcare data is covered by specific protections for good reason. The HIPAA Security Rule requires healthcare providers to observe data security practices for the storage and transfer of protected health information (PHI) because, in addition to sensitive information about people’s health, it includes names, addresses, dates of birth, billing information, and other data that is very valuable to cyber criminals. The depth of information contained in health records offers increased potential for fraud and identity theft, which can be much harder to detect and manage than simple credit card data leaks. Steal credit card info, rack up charges — irritating and inconvenient. Steal healthcare PHI and an ill-intentioned criminal now has the keys to someone’s entire identity.

This is a concern for healthcare agencies, not only due to their desire and mandate to protect consumers’ PHI, but because the nature of the cyber crimes they are vulnerable to in pursuit of this information poses other serious risks as well. Between ransomware extortion threats, data breaches, and DDoS attacks (which disrupt network functionality), healthcare agencies are impacted financially, organizationally, and personally. Cyber attacks have an incredibly high cost in lost revenue opportunities, productivity and time-management among personnel, and potentially enduring damage to an institution’s reputation. Still, healthcare agencies are currently fighting an uphill battle to identify and eliminate these threats.

What the Healthcare Cybersecurity Act Requires of Healthcare Agencies

In the face of mounting cybersecurity threats and evidence that Russia in particular continues to target the U.S., the Healthcare Cybersecurity Act aims to improve protection efforts through collaboration, training, and research. Senators Rosen and Cassidy note that “collaboration and information sharing between the public and private sectors is essential to increasing cyber resilience for health-focused entities.” What might this mean for the entities in question?

If the bill is passed, healthcare organizations will likely see the bar raised when it comes to the secure storage and transmission of protected health information. That’s a good thing. To meet this mandate, they will benefit from the increased availability of cybersecurity risk and mitigation training opportunities for personnel. In addition, as CISA studies relevant cybersecurity workforce shortages and proposes solutions, healthcare agencies should see results that include a growing talent pool of qualified cybersecurity professionals — which is very much needed. Deeper understanding of the challenges healthcare agencies face in securing updated information systems should likewise result in greater availability of smarter, more effective solutions.

While holding cybersecurity efforts to a higher standard, the proposed Healthcare Cybersecurity Act also aims to strengthen the affected entities’ ability to meet or exceed it.

Healthcare Cybersecurity Protections are Critical to Our Future

Both higher cybersecurity standards and better tools for reaching them are critical not only to our personal privacy but to national security. The impacts of cyber crime in healthcare and other sectors are both destabilizing and potentially debilitating. Our healthcare organizations in particular are a vital part of our national infrastructure and must not remain vulnerable to domestic or foreign threats. The costs of cyber crime to both our financial and physical health are simply too high to be sustained.

I applaud Senators Rosen and Cassidy for taking initiative toward improving protection efforts through the Healthcare Cybersecurity Act. Collaboration between the public and private sector is essential to progress in this area, as are bipartisan efforts — I hope to see continued collaboration and momentum in advancing cybersecurity protections wherever they are needed. Let’s keep those medicine cabinets closed and empower our healthcare institutions to protect themselves and their patients.

Disclosure: Futurum Research is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum Research as a whole.


Author Information

Shelly Kramer is a serial entrepreneur with a technology-centric focus. She has worked alongside some of the world’s largest brands to embrace disruption and spur innovation, understand and address the realities of the connected customer, and help navigate the process of digital transformation.
