The bill is particularly significant given the rise in cyber incidents affecting healthcare, with reported breaches increasing by 107% since 2018. It requires CISA, no later than one year after enactment, to update the sector-specific risk management plan, which should include evaluations of how such risks affect rural and small to medium-sized assets. Additionally, the Secretary is tasked with identifying high-risk covered assets using objective criteria, which will inform the allocation of resources toward enhancing the cybersecurity resilience of these critical infrastructure components.
Summary
SB1851, known as the Healthcare Cybersecurity Act of 2025, aims to significantly enhance the cybersecurity posture of the Healthcare and Public Health Sector. As cyberattacks increasingly target medical facilities and their data systems, the bill emphasizes the need for improved coordination between the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services. The legislation mandates a comprehensive assessment of cybersecurity risks specific to covered assets, which include technologies, services, and utilities within this sector, along with the deployment of updated risk management plans to address these vulnerabilities.
Contention
While the focus on cybersecurity in healthcare is broadly supported, there may be points of contention regarding the implementation and oversight of these measures. Opponents could argue that the compliance burden on healthcare facilities, particularly smaller entities, may be exacerbated due to stringent requirements outlined in the bill without corresponding funding or resources. Furthermore, the lack of provisions for additional funding to carry out these initiatives may raise concerns among stakeholders regarding the feasibility and effectiveness of enhancing cybersecurity across the sector.