S3315 • 119th Congress • WALLET

Health Care Cybersecurity and Resiliency Act of 2026

Sponsored By: Senator Cassidy, Bill [R-LA]

In Committee

Summary

Strengthens cybersecurity in the Healthcare and Public Health Sector. This bill would pair the Department of Health and Human Services (HHS) with the Cybersecurity and Infrastructure Security Agency (CISA) to set incident response plans, minimum security practices, breach reporting rules, grants, and workforce training.

Bill Overview

Analyzed Economic Effects

7 provisions identified: 5 benefits, 0 costs, 2 mixed.

New minimum cybersecurity rules for providers

If enacted, covered health care entities and their business partners would have to adopt new minimum cybersecurity controls. Required measures would include multifactor authentication (or a successor), encryption safeguards for protected health information, and regular audits including penetration testing. The Secretary would set the regulation dates and give reasonable time for compliance.

New public breach reporting rules

If enacted, breach reports would have to include the number of people affected and the public portal would show corrective actions and whether recognized security practices were considered. The Secretary would expand the definition of recognized security practices to include investments and publish guidance within one year on which practices count and what information entities must submit. The Secretary would also report annually starting within two years on every case where those practices were considered.

Federal coordination on health cyber threats

If enacted, HHS and the Cybersecurity and Infrastructure Security Agency would be required to coordinate on health-sector cybersecurity. They would share threat indicators and defensive measures and make technical resources available to information‑sharing organizations and non‑Federal entities. HHS would lead internal sector oversight through the Assistant Secretary for Preparedness and Response and work with public and private partners.

Help for rural health cyber readiness

If enacted, the Secretary would issue guidance within one year for rural health entities on cyber best practices. Guidance would cover infrastructure upgrades, employee training, Secretary‑issued best practices, and policies to support required incident reporting. GAO would study and report within three years on how rural providers used the guidance and the challenges they faced.

Grants to upgrade health cybersecurity

If enacted, the bill would create grants for public and nonprofit health centers, hospitals, rural clinics, IHS contract facilities, cancer centers, academic centers, and coordinating nonprofit partners. Grants could pay for hiring and training cybersecurity staff, cloud migration and system upgrades, joining threat‑sharing groups, and contracting support. Grants may run up to three years and Congress is authorized to appropriate such sums as necessary for fiscal years 2025–2030.

HHS cybersecurity incident response plan

If enacted, the Secretary would be required to develop and implement a departmental cybersecurity incident response plan within one year. The plan would cover risk assessment, prevention, detection, mitigation, data protection, and rapid recovery for systems used by or on behalf of HHS. The Secretary would consult with CISA, OMB, NIST, and experts and report the plan to Congress 60 days before implementation.

Health care cybersecurity workforce plan

If enacted, HHS would provide cybersecurity training for health‑sector asset owners and operators in coordination with CISA and private experts. HRSA would produce a strategic plan within one year to grow the health care cybersecurity workforce. The plan would include education program recommendations, training materials, best practices, and public‑private collaboration steps.

Sponsors & CoSponsors

Sponsor

Cassidy, Bill [R-LA]

LA • R

Cosponsors

  • Sen. Hassan, Margaret Wood [D-NH]

    NH • D

    Sponsored 12/2/2025

  • Sen. Cornyn, John [R-TX]

    TX • R

    Sponsored 12/2/2025

  • Sen. Warner, Mark R. [D-VA]

    VA • D

    Sponsored 12/2/2025

Roll Call Votes

No roll call votes available for this bill.
