Requires coordination between the Secretary of Health and Human Services and the Director of the Cybersecurity and Infrastructure Security Agency to enhance cybersecurity in the healthcare and public health sectors.
Mandates the development of resources and information sharing related to cybersecurity threats and defenses for healthcare entities.
Establishes oversight responsibilities for cybersecurity activities within the Department of Health and Human Services.
Requires the Secretary to create a cybersecurity incident response plan within one year of enactment, detailing processes for preparation and response to cybersecurity incidents.
Updates breach reporting regulations to include corrective actions taken against entities and the number of individuals affected by breaches.
Enhances recognition of security practices by requiring guidance on implementation and annual reporting on the effectiveness of these practices.
Mandates the adoption of specific cybersecurity practices, such as multifactor authentication and encryption, by covered entities and business associates.
Directs the Secretary to provide guidance on cybersecurity readiness specifically for rural entities, including best practices and strategies for improvement.
Authorizes grants for eligible entities to adopt cybersecurity best practices, with specific uses for the funds outlined.
Establishes a training program for healthcare experts on cybersecurity risks and mitigation strategies.
Requires the development of a strategic plan to grow the cybersecurity workforce in the healthcare sector, including educational recommendations and collaboration opportunities.