Summary

Requires CISA and HHS to strengthen cybersecurity for the Healthcare and Public Health Sector by designating a liaison, updating the sector-specific cybersecurity plan, offering training to owners/operators of covered assets, creating objective criteria and a list for high‑risk covered assets, and delivering multiple reports to Congress. The law emphasizes coordination, threat information sharing, and workforce assessment but does not appropriate new funds or expand agency legal authorities beyond existing law.

Key Points

• Directs CISA and HHS to deepen coordination and information sharing for healthcare sector cybersecurity.
• Requires a qualified liaison to be appointed to improve federal-sector communication and coordination.
• Mandates a sector-specific cybersecurity plan update within one year, including risk analysis and workforce assessment.
• Requires training be made available to owners and operators of covered healthcare assets on cyber risks and mitigation.
• Allows creation of objective criteria and a government list of “high-risk” covered assets to help prioritize support.
• Calls for an Agency report within 120 days and a GAO report within 18 months on federal support and resources.
• Affirms the Act does not create new authority to infringe constitutional rights or authorize new appropriations.
• Emphasizes attention to rural, small, and medium covered assets and workforce shortages.

Categories & Tags