Thursday, April 25, 2024

Review - S 3773 Introduced – HHS Cybersecurity Testing

In February, Sen Rubio (R,FL) introduced S 3773, the Strengthening Cybersecurity in Health Care Act. The bill would require the Health and Human Service Department Inspector General to conduct penetration tests and other testing procedures to determine how systems processing, transmitting, or storing mission critical or sensitive data by, for, or on behalf of the Department is currently, or could be compromised. No new funding is provided by the bill.

Moving Forward

While Rubio is not a member of the Senate Health, Education, Labor, and Pensions Committee to which this bill was assigned for consideration, one of his three cosponsors {Sen Hassan (D,NH)} is a member. This means that there may be sufficient influence to see the bill considered in Committee. I do not see anything that would engender any organized opposition to the bill. I suspect that there would be some level of bipartisan support for the legislation if it were considered.

This bill is not politically important enough to consume the time necessary for consideration in the Senate under regular order. This bill might be able to pass under the Senate’s unanimous consent process, but that process always faces the potential for opposition unrelated to the provisions of the bill. This bill is well suited to being included in the annual HHS spending bill and Rubio, a member of the Senate Appropriations Committee, is well placed to see that happen.

Commentary

HHS has little in the way of internal clinics that might be affected by such testing, so it is unlikely that there will be any medical devices covered by the requirements of this bill. I really mention it here because of the unique requirement for IG cybersecurity testing. This is well within the scope of operations of inspectors general, if probably outside of the existing skill sets for those organizations. While not wishing to CISA’s prominence in government cybersecurity efforts diminished, I think that this might be a good requirement for each inspector general office in the federal government. And it might provide an interesting internal skill set that could be used in other IG investigations.

 

For more details about the provisions of the bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-3773-introduced - subscription required.

No comments:

 
/* Use this with templates/template-twocol.html */