Healthcare Cybersecurity Act of 2022: What to Know

On March 23, 2022, lawmakers introduced a new bill, the Healthcare Cybersecurity Act of 2022, which would direct the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to collaborate on how to improve cybersecurity measures across hospitals and healthcare networks operating in the healthcare and public health sector.

The bill follows a warning from the White House that American companies face an increased risk of cyber threats from Russia due to the war in Ukraine.

There are three main components to the bill:

  • Require CISA and HHS to collaborate on improving cybersecurity in the healthcare sector
  • Authorize cybersecurity training for healthcare organizations and ways to mitigate risks to sector information systems
  • Require CISA to conduct a detailed study on specific cybersecurity risks facing the healthcare industry

Healthcare facilities hold a significant amount of personally identifiable information, making them a target for these attacks. This bill is a good start on the critical improvements needed to strengthen the healthcare sector against cyber attacks.


  • Data reported to the Department shows that almost every month in 2020, more than 1,000,000 people were affected by data breaches at healthcare organizations. Cyberattacks on healthcare facilities rose 55% in 2020, and these attacks also resulted in a 16% increase in the average cost of recovering a patient record in 2020 compared to 2019.
  • According to data from the Office for Civil Rights of the Department, health information breaches have increased since 2016. In 2020 alone, the Department reported 663 breaches on covered entities, as defined under the Health Insurance Portability and Accountability Act of 1996 (Public Law 104–191), affecting more than 500 people, with over 33,000,000 total people affected by health information breaches.

Authors: Stephanie Maresca, CPA, and Jason Spezzano, Executive Cybersecurity Advisor
