A new bill introduced in the House aims to strengthen cybersecurity across the nation’s healthcare system amid a rise in data breaches targeting hospitals and public health providers.
The Healthcare Cybersecurity Act of 2025, introduced by Rep. Jason Crow, D-Colo., would require the Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency to collaborate more closely to protect healthcare technology, patient data and medical infrastructure from cyber threats.
If enacted, the bill would:
- Require the Cybersecurity and Infrastructure Security Agency to assign a dedicated cybersecurity liaison to HHS to improve coordination during attacks.
- Provide training and resources to hospitals — particularly smaller and rural providers — on how to prevent and respond to cyber incidents.
- Update the federal Healthcare Sector Risk Management Plan to include an assessment of current vulnerabilities, workforce shortages and best practices.
- Identify and maintain a list of “high-risk” health assets, such as critical hospital systems and infrastructure, to prioritize federal support.
- Mandate several reports to Congress outlining efforts and progress in improving cybersecurity across the sector.
The bill has been referred to the appropriate House committees for consideration.
