Between 2018 and 2022, reported data breaches in the healthcare sector increased by 93%. In 2022 alone, 626 breaches impacted over 42 million people. Cyberattacks, especially ransomware, have a detrimental effect on healthcare providers and patients. Consequences include delayed diagnoses and cancelled surgeries, compromised patient safety and care quality, disruption of critical hospital operations, and exposure of millions of individuals' protected health information. Cyber incidents in the healthcare industry result in enormous financial impacts. The 2024 Change Healthcare ransomware attack had a cost estimated in the billions of dollars. Other large-scale breaches have led to hundreds of millions in financial losses. Many healthcare entities, particularly smaller and rural providers, lack the resources, expertise, and staff to manage growing cybersecurity threats effectively. The bill seeks to address this operational gap. Advocates say that while the Healthcare Insurance Portability and Accountability Act (HIPAA) provides security rules, the healthcare sector needs more coordination with federal cybersecurity agencies to improve operational readiness and incident response.

Pending Legislation: H.R.3841 - Healthcare Cybersecurity Act of 2025
Sponsor: Rep. Jason Crow (CO)
Status: Referred to the House Committee on Homeland Security, and to the House Committee on Energy and Commerce, for a period to be subsequently determined by the Speaker
House Speaker: Speaker Mike Johnson (LA)