9–8–8 Lifeline Cybersecurity Responsibility Act
Sponsored By: Senator Markwayne Mullin
Introduced
Summary
Securing the 9-8-8 Lifeline from cybersecurity incidents. This bill would require new coordination and faster reporting rules to protect the national suicide prevention Lifeline from cyber vulnerabilities and incidents.
Show full summary
- Callers and households: Aims to protect Lifeline service availability by targeting known cybersecurity vulnerabilities and incidents for quicker attention.
- Local and regional crisis centers: Must report identified cybersecurity vulnerabilities or incidents to the program’s network administrator within 24 hours, with reports conditioned on privacy protections and applicable law.
- Network administrators that receive Federal funding: Must notify the HHS Assistant Secretary within 24 hours of discovering or receiving notice of a vulnerability or incident and coordinate with the Department of Health and Human Services Chief Information Security Officer to address problems.
- Technology oversight: Local and regional crisis centers will oversee the technology they use unless a network participation agreement assigns that oversight to the network administrator.
- Accountability and review: Requires the Comptroller General to study 9-8-8 cybersecurity risks and vulnerabilities and report to the House Committee on Energy and Commerce and the Senate Committee on Health, Education, Labor, and Pensions within 180 days.
Your PRIA Score
Personalized for You
How does this bill affect your finances?
Sign up for a PRIA Policy Scan to see your personalized alignment score for this bill and every other piece of legislation we track. We analyze your financial profile against policy provisions to show you exactly what matters to your wallet.
Bill Overview
Analyzed Economic Effects
1 provisions identified: 1 benefits, 0 costs, 0 mixed.
Stronger cybersecurity for 9-8-8 Lifeline
This bill would require the 9-8-8 Lifeline to coordinate with the HHS Chief Information Security Officer. They would take steps to fix known security flaws and better protect callers. Local and regional crisis centers would have to report cyber vulnerabilities or incidents to their network administrator within 24 hours. The federally funded network administrator would then have to report to the Assistant Secretary within 24 hours. Reports must protect personal privacy and follow Federal and State privacy laws. By default, each crisis center would oversee the technology it uses unless a participation agreement gives oversight to the network administrator. The bill would also require a Comptroller General study on 9-8-8 cybersecurity risks within 180 days of enactment.
Sponsors & CoSponsors
Sponsor
Markwayne Mullin
OK • R
Cosponsors
Sen. Padilla, Alex [D-CA]
CA • D
Sponsored 3/12/2025
Roll Call Votes
No roll call votes available for this bill.
View on Congress.gov