Healthcare Cybersecurity Act of 2022
This bill requires the Department of Health and Human Services (HHS) to undertake activities to improve the cybersecurity of the health care and public health sector.
HHS must coordinate with the Cybersecurity and Infrastructure Security Agency (CISA) on these activities; in particular, CISA must make resources, including cyber-threat indicators and appropriate defense measures, available to federal and nonfederal entities that receive information through HHS programs.
In addition, HHS must provide training on cybersecurity risks and mitigation strategies to owners of assets in the health care and public health sector.
HHS must also update the Healthcare and Public Health Sector Specific Plan, which guides the sector's effort to enhance the security and resilience of critical infrastructure. The updates must address, among other topics, the impact of the risks on rural entities and small- and medium-sized entities, cybersecurity workforce shortages in the sector, and challenges related to the COVID-19 emergency.