Wednesday, July 3, 2024

Review - HR 8415 Introduced – HHS Cybersecurity

In May, Rep Steel (R,CA) introduced HR 8415, the Strengthening Cybersecurity in Health Care Act. The bill would require the Health and Human Service Department Inspector General to conduct penetration tests and other testing procedures to determine how systems processing, transmitting, or storing mission critical or sensitive data by, for, or on behalf of the Department is currently, or could be compromised. No new funding is provided by the bill.

The bill is very similar S 3773, introduced in February by Sen Rubio (R,FL). No action has been taken in the Senate on that legislation.

Moving Forward

While Steel is not a member of the House Energy and Commerce Committee to which this bill was assigned for consideration, one of her cosponsors {Rep Miller-Meeks (R,IA)} is a member of that Committee. This means that there may be sufficient influence to see the bill considered in committee. I suspect that there will be some level of bipartisan support for this legislation, but I am not sure that it would be sufficient to allow the bill to be considered under the suspension of the rules process which requires a super majority for passage.

Commentary

As I noted in my post on S 3773, HHS has little in the way of internal clinics that might be affected by such testing, so it is unlikely that there will be any medical devices covered by the requirements of this bill. I really mention it here because of the unique requirement for IG cybersecurity testing. This is well within the scope of operations of inspectors general, if probably outside of the existing skill sets for those organizations. While not wishing to see CISA’s prominence in government cybersecurity efforts diminished, I think that this might be a good requirement for each inspector general office in the federal government. And it might provide an interesting internal skill set that could be used in other IG investigations.

 

For more details about the provisions of this bill and its differences from S 3773, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-8415-introduced - subscription required.

Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
 
/* Use this with templates/template-twocol.html */