On February 26, the Senate Health, Education, Labor and Pensions (HELP) Committee passed the Health Care Cybersecurity and Resiliency Act (S. 3315) by a vote of 22-1. This legislation would establish new minimum cybersecurity standards for HIPAA‑regulated entities—including multifactor authentication, data encryption, penetration testing, and regular security audits—while strengthening federal coordination through HHS and CISA and requiring a comprehensive cybersecurity incident response plan. It also updates breach reporting rules, mandates publication of corrective actions after incidents, and designates the Administration for Strategic Preparedness and Response (ASPR) as the Sector Risk Management Agency for healthcare. This bipartisan bill has been of interest since recent cybersecurity threats have crippled parts of the health care industry.
