Health Care Cybersecurity and Resiliency Act of 2026
If enacted, SB3315 would introduce new standards and best practices for cybersecurity within the healthcare system. It would mandate the adoption of multifactor authentication, the encryption of protected health information, and audits to ensure compliance with cybersecurity measures. These provisions are anticipated to significantly lower cybersecurity risks by requiring entities to update their infrastructure and by providing them with access to federal resources aimed at improving their cyber defense capabilities. Furthermore, grants would be made available to support the adoption of these best practices, particularly for rural healthcare facilities that may lack robust cybersecurity measures.
SB3315, known as the Health Care Cybersecurity and Resiliency Act of 2025, aims to enhance cybersecurity within the healthcare and public health sectors. This legislation requires the Secretary of Health and Human Services (HHS) and the Director of the Cybersecurity and Infrastructure Security Agency to work together and coordinate efforts to improve the cybersecurity infrastructure and resilience of entities operating in this critical area. A significant aspect of this bill is its emphasis on the need for a collaborative approach to address cybersecurity threats and enhance protective measures.
Despite overall support for improving cybersecurity, there may be concerns about the implementation of stringent requirements and the ability of smaller health entities to comply without adequate resources. There are fears that the costs associated with compliance could disproportionately affect rural and smaller healthcare providers, thereby impacting their operational viability. Additionally, some stakeholders might be apprehensive about governmental oversight and the details of incident reporting requirements, which they may view as burdensome.