[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[H.R. 498 Introduced in House (IH)]
<DOC>
118th CONGRESS
1st Session
H. R. 498
To amend title V of the Public Health Service Act to secure the suicide
prevention lifeline from cybersecurity incidents, and for other
purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
January 25, 2023
Mr. Obernolte (for himself and Mr. Cardenas) introduced the following
bill; which was referred to the Committee on Energy and Commerce
_______________________________________________________________________
A BILL
To amend title V of the Public Health Service Act to secure the suicide
prevention lifeline from cybersecurity incidents, and for other
purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``9-8-8 Lifeline Cybersecurity
Responsibility Act''.
SEC. 2. PROTECTING SUICIDE PREVENTION LIFELINE FROM CYBERSECURITY
INCIDENTS.
(a) Suicide Prevention Lifeline.--Section 520E-3(b) of the Public
Health Service Act (42 U.S.C. 290bb-36c(b)) is amended--
(1) in paragraph (4), by striking ``and'' at the end;
(2) in paragraph (5), by striking the period at the end and
inserting ``; and''; and
(3) by adding at the end the following:
``(6) coordinating with the Chief Information Security
Officer of the Department of Health and Human Services to take
such steps as may be necessary to ensure the program is
protected from cybersecurity incidents and eliminates known
cybersecurity vulnerabilities.''.
(b) Reporting.--Section 520E-3 of the Public Health Service Act (42
U.S.C. 290bb-36c) is amended--
(1) by redesignating subsection (f) as subsection (g); and
(2) by inserting after subsection (e) the following:
``(f) Cybersecurity Reporting.--
``(1) In general.--The program's network administrator
receiving Federal funding pursuant to subsection (a) shall
report to the Assistant Secretary, in a manner that protects
personal privacy, consistent with applicable Federal and State
privacy laws--
``(A) any identified cybersecurity vulnerabilities
to the National Suicide Prevention Lifeline; and
``(B) any identified cybersecurity incidents or
potential incidents to the National Suicide Prevention
Lifeline.
``(2) Notification.--If an entity described in paragraph
(1) discovers a cybersecurity vulnerability, incident, or
potential incident, such entity shall immediately report that
discovery to the Assistant Secretary.
``(3) Clarification.--The cybersecurity incident reporting
requirements under this subsection shall supplement, and not
supplant, cybersecurity incident reporting requirements under
other provisions of applicable Federal law that are in effect
on the date of the enactment of the 9-8-8 Lifeline
Cybersecurity Responsibility Act.''.
(c) Study.--Not later than 180 days after the date of the enactment
of this Act, the Comptroller General of the United States shall--
(1) conduct and complete a study that evaluates
cybersecurity risks and vulnerabilities associated with the 9-
8-8 National Suicide Prevention Lifeline; and
(2) submit a report of the findings of such study to the
Committee on Energy and Commerce of the House of
Representatives and the Committee on Health, Education, Labor,
and Pensions of the Senate.
<all>