Sponsors (4)
The bill improves 9-8-8 cybersecurity, reliability, and accountability—benefiting callers and aiding congressional oversight—but does so at the cost of added compliance and administrative burdens on local crisis centers and networks, which may divert resources from direct services and create uneven privacy protection across jurisdictions.
People who call the 9-8-8 Lifeline (including people with chronic conditions and people with disabilities) will get more reliable access and stronger protections for caller data because the bill requires incident reporting, monitoring, and remediation to reduce service disruptions and data breaches.
State and federal policymakers (and indirectly the public) will get an independent GAO study within 180 days assessing cybersecurity risks and options, improving Congress's ability to oversee and strengthen Lifeline resilience.
Local crisis centers and network administrators (including local governments and hospital systems) will face added compliance costs to implement reporting, monitoring, and vulnerability remediation requirements.
Local crisis center staff and the people they serve (including callers with chronic conditions and disabilities) may see frontline counseling resources reduced because tighter reporting and data-handling requirements could create administrative burdens that divert staff time from direct services.
Callers' privacy protections could be uneven across jurisdictions (affecting people with chronic conditions and disabilities) if the bill's reporting timelines or privacy safeguards are phrased as a 'reasonable amount of time' and are implemented inconsistently.
Based on analysis of 2 sections of legislative text.
Requires 9‑8‑8 network operators and participating centers to remediate vulnerabilities, report cybersecurity incidents to HHS promptly, and directs GAO to study Lifeline cybersecurity within 180 days.
Introduced February 4, 2025 by Jay Obernolte · Last progress February 4, 2025
Requires the federal 9‑8‑8 National Suicide Prevention Lifeline network to address known cybersecurity weaknesses and to report cybersecurity incidents and vulnerabilities to the Department of Health and Human Services (the Assistant Secretary) within a reasonable time. It clarifies the oversight role of federally funded network administrators over participating local and regional crisis centers and directs the Government Accountability Office (GAO) to complete a study of 9‑8‑8 cybersecurity risks and deliver a report to two congressional committees within 180 days of enactment.