[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[H.R. 8415 Introduced in House (IH)]

<DOC>






118th CONGRESS
  2d Session
                                H. R. 8415

To require the Inspector General of the Department of Health and Human 
 Services to evaluate the cybersecurity practices and protocols of the 
                  Department, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                              May 15, 2024

 Mrs. Steel (for herself, Mr. Schiff, Mrs. Miller-Meeks, Mr. Ryan, Ms. 
 Spanberger, Mr. Pappas, and Mr. Trone) introduced the following bill; 
       which was referred to the Committee on Energy and Commerce

_______________________________________________________________________

                                 A BILL


 
To require the Inspector General of the Department of Health and Human 
 Services to evaluate the cybersecurity practices and protocols of the 
                  Department, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Strengthening Cybersecurity in 
Health Care Act''.

SEC. 2. EVALUATION OF HHS CYBERSECURITY.

    (a) In General.--Not later than 2 years after the date of enactment 
of this Act, and every 2 years thereafter, the Inspector General of the 
Department of Health and Human Services shall evaluate the 
cybersecurity practices and protocols of the Department through the 
conduct of penetration tests and other testing procedures to determine 
how systems processing, transmitting, or storing mission critical or 
sensitive data by, for, or on behalf of the Department is currently, or 
could be compromised and--
            (1) expose patient data, including Medicare numbers of 
        individuals; or
            (2) impact patient safety.
    (b) Reports.--Not later than 2 years after the date of enactment of 
this Act, and every 2 years thereafter--
            (1) the Secretary of Health and Human Services shall submit 
        to Congress a report that describes how the Secretary will 
        update the cybersecurity practices and protocols of the 
        Department of Health and Human Services to adapt to the latest 
        cyberattack strategies; and
            (2) the Inspector General of the Department of Health and 
        Human Services shall submit to Congress a report that 
        describes--
                    (A) how the Inspector General is currently using 
                Federal funds of the Inspector General to carry out 
                subsection (a); and
                    (B) legislative changes required for the Inspector 
                General to maintain the evaluation described in 
                subsection (a).
                                 <all>