[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[S. 1560 Reported in Senate (RS)]
<DOC>
Calendar No. 381
118th CONGRESS
2d Session
S. 1560
[Report No. 118-170]
To require the development of a comprehensive rural hospital
cybersecurity workforce development strategy, and for other purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
May 11, 2023
Mr. Hawley (for himself, Mr. Peters, Mr. Ossoff, Mr. Warnock, and Ms.
Rosen) introduced the following bill; which was read twice and referred
to the Committee on Homeland Security and Governmental Affairs
May 9, 2024
Reported by Mr. Peters, with an amendment
[Strike out all after the enacting clause and insert the part printed
in italic]
_______________________________________________________________________
A BILL
To require the development of a comprehensive rural hospital
cybersecurity workforce development strategy, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
<DELETED>SECTION 1. SHORT TITLE.</DELETED>
<DELETED> This Act may be cited as the ``Rural Hospital
Cybersecurity Enhancement Act''.</DELETED>
<DELETED>SEC. 2. DEFINITIONS.</DELETED>
<DELETED> In this Act:</DELETED>
<DELETED> (1) Appropriate committees of congress.--The term
``appropriate committees of Congress'' means--</DELETED>
<DELETED> (A) the Committee on Homeland Security and
Governmental Affairs of the Senate; and</DELETED>
<DELETED> (B) the Committee on Homeland Security of
the House of Representatives.</DELETED>
<DELETED> (2) Director.--The term ``Director'' means the
Director of the Cybersecurity and Infrastructure Security
Agency.</DELETED>
<DELETED> (3) Rural hospital.--The term ``rural hospital''
means a healthcare facility that--</DELETED>
<DELETED> (A) is located in a non-urbanized area, as
determined by the Bureau of the Census; and</DELETED>
<DELETED> (B) provides inpatient and outpatient
healthcare services, including primary care, emergency
care, and diagnostic services.</DELETED>
<DELETED> (4) Secretary.--The term ``Secretary'' means the
Secretary of Homeland Security.</DELETED>
<DELETED>SEC. 3. RURAL HOSPITAL CYBERSECURITY WORKFORCE DEVELOPMENT
STRATEGY.</DELETED>
<DELETED> (a) In General.--Not later than 1 year after the date of
enactment of this Act, the Secretary, acting through the Director,
shall develop and transmit to the appropriate committees of Congress a
comprehensive rural hospital cybersecurity workforce development
strategy to address the growing need for skilled cybersecurity
professionals in rural hospitals.</DELETED>
<DELETED> (b) Consultation.--</DELETED>
<DELETED> (1) Agencies.--In carrying out subsection (a), the
Secretary and Director may consult with the Secretary of Health
and Human Services, the Secretary of Education, and the
Secretary of Labor.</DELETED>
<DELETED> (2) Providers.--In carrying out subsection (a),
the Secretary shall consult with rural healthcare providers
from each geographic region in the United States.</DELETED>
<DELETED> (c) Considerations.--The rural hospital cybersecurity
workforce development strategy developed under subsection (a) shall, at
a minimum, consider the following components:</DELETED>
<DELETED> (1) Partnerships between rural hospitals,
educational institutions, private sector entities, and
nonprofit organizations to develop, promote, and expand
cybersecurity education and training programs tailored to the
needs of rural hospitals.</DELETED>
<DELETED> (2) The development of a cybersecurity curriculum
and teaching resources that focus on teaching technical skills
and abilities related to cybersecurity in rural hospitals for
use in community colleges, vocational schools, and other
educational institutions located in rural areas.</DELETED>
<DELETED> (3) Recommendations for legislation, rulemaking,
or guidance to implement the components of the rural hospital
cybersecurity workforce development strategy.</DELETED>
<DELETED> (d) Annual Review.--Not later than 60 days after the date
on which the first full fiscal year ends following the date on which
the Secretary transmits the rural hospital cybersecurity workforce
development strategy developed under subsection (a), and not later than
60 days after the date on which each fiscal year thereafter ends, the
Secretary shall submit to the appropriate committees of Congress a
report that includes, at a minimum, information relating to--</DELETED>
<DELETED> (1) updates to the rural hospital cybersecurity
workforce development strategy, as appropriate;</DELETED>
<DELETED> (2) any programs or initiatives established
pursuant to the rural hospital cybersecurity workforce
development strategy, as well as the number of individuals
trained or educated through such programs or
initiatives;</DELETED>
<DELETED> (3) additional recommendations for legislation,
rulemaking, or guidance to implement the components of the
rural hospital cybersecurity workforce development strategy;
and</DELETED>
<DELETED> (4) the effectiveness of the rural hospital
cybersecurity workforce development strategy in addressing the
need for skilled cybersecurity professionals in rural
hospitals.</DELETED>
<DELETED>SEC. 4. INSTRUCTIONAL MATERIALS FOR RURAL HOSPITALS.</DELETED>
<DELETED> (a) In General.--Not later than 1 year after the date of
enactment of this Act, the Director shall make available instructional
materials for rural hospitals that can be used to train staff on
fundamental cybersecurity efforts.</DELETED>
<DELETED> (b) Duties.--In carrying out subsection (a), the Director
shall--</DELETED>
<DELETED> (1) consult with experts in cybersecurity
education and rural healthcare experts;</DELETED>
<DELETED> (2) identify existing cybersecurity instructional
materials that can be adapted for use in rural hospitals and
create new materials as needed; and</DELETED>
<DELETED> (3) conduct an awareness campaign to promote the
materials available to rural hospitals developed under
subsection (a).</DELETED>
<DELETED>SEC. 5. IMPLEMENTATION.</DELETED>
<DELETED> Any action undertaken pursuant to this Act shall not be
subject to chapter 10 of title 5, United States Code.</DELETED>
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Rural Hospital Cybersecurity
Enhancement Act''.
SEC. 2. DEFINITIONS.
In this Act:
(1) Agency.--The term ``agency'' has the meaning given the
term in section 551 of title 5, United States Code.
(2) Appropriate committees of congress.--The term
``appropriate committees of Congress'' means--
(A) the Committee on Homeland Security and
Governmental Affairs of the Senate; and
(B) the Committee on Homeland Security of the House
of Representatives.
(3) Director.--The term ``Director'' means the Director of
the Cybersecurity and Infrastructure Security Agency.
(4) Geographic division.--The term ``geographic division''
means a geographic division that is among the 9 geographic
divisions determined by the Bureau of the Census.
(5) Rural hospital.--The term ``rural hospital'' means a
healthcare facility that--
(A) is located in a non-urbanized area, as
determined by the Bureau of the Census; and
(B) provides inpatient and outpatient healthcare
services, including primary care, emergency care, and
diagnostic services.
(6) Secretary.--The term ``Secretary'' means the Secretary
of Homeland Security.
SEC. 3. RURAL HOSPITAL CYBERSECURITY WORKFORCE DEVELOPMENT STRATEGY.
(a) In General.--Not later than 1 year after the date of enactment
of this Act, the Secretary, acting through the Director, shall develop
and transmit to the appropriate committees of Congress a comprehensive
rural hospital cybersecurity workforce development strategy to address
the growing need for skilled cybersecurity professionals in rural
hospitals.
(b) Consultation.--
(1) Agencies.--In carrying out subsection (a), the
Secretary and Director may consult with the Secretary of Health
and Human Services, the Secretary of Education, the Secretary
of Labor, and any other appropriate head of an agency.
(2) Providers.--In carrying out subsection (a), the
Secretary shall consult with not less than 2 representatives of
rural healthcare providers from each geographic division in the
United States.
(c) Considerations.--The rural hospital cybersecurity workforce
development strategy developed under subsection (a) shall, at a
minimum, consider the following components:
(1) Partnerships between rural hospitals, non-rural
healthcare systems, educational institutions, private sector
entities, and nonprofit organizations to develop, promote, and
expand the rural hospital cybersecurity workforce, including
through education and training programs tailored to the needs
of rural hospitals.
(2) The development of a cybersecurity curriculum and
teaching resources that focus on teaching technical skills and
abilities related to cybersecurity in rural hospitals for use
in community colleges, vocational schools, and other
educational institutions located in rural areas.
(3) Identification of--
(A) cybersecurity workforce challenges that are
specific to rural hospitals, as well as challenges that
are relative to hospitals generally; and
(B) common practices to mitigate both sets of
challenges described in subparagraph (A).
(4) Recommendations for legislation, rulemaking, or
guidance to implement the components of the rural hospital
cybersecurity workforce development strategy.
(d) Annual Briefing.--Not later than 60 days after the date on
which the first full fiscal year ends following the date on which the
Secretary transmits the rural hospital cybersecurity workforce
development strategy developed under subsection (a), and not later than
60 days after the date on which each fiscal year thereafter ends, the
Secretary shall provide a briefing to the appropriate committees of
Congress that includes, at a minimum, information relating to--
(1) updates to the rural hospital cybersecurity workforce
development strategy, as appropriate;
(2) any programs or initiatives established pursuant to the
rural hospital cybersecurity workforce development strategy, as
well as the number of individuals trained or educated through
such programs or initiatives;
(3) additional recommendations for legislation, rulemaking,
or guidance to implement the components of the rural hospital
cybersecurity workforce development strategy; and
(4) the effectiveness of the rural hospital cybersecurity
workforce development strategy in addressing the need for
skilled cybersecurity professionals in rural hospitals.
SEC. 4. INSTRUCTIONAL MATERIALS FOR RURAL HOSPITALS.
(a) In General.--Not later than 1 year after the date of enactment
of this Act, the Director shall make available instructional materials
for rural hospitals that can be used to train staff on fundamental
cybersecurity efforts.
(b) Duties.--In carrying out subsection (a), the Director shall--
(1) consult with appropriate heads of agencies, experts in
cybersecurity education, and rural healthcare experts;
(2) identify existing cybersecurity instructional materials
that can be adapted for use in rural hospitals and create new
materials as needed; and
(3) conduct an awareness campaign to promote the materials
available to rural hospitals developed under subsection (a).
SEC. 5. NO ADDITIONAL FUNDS.
No additional funds are authorized to be appropriated for the
purpose of carrying out this Act.
Calendar No. 381
118th CONGRESS
2d Session
S. 1560
[Report No. 118-170]
_______________________________________________________________________
A BILL
To require the development of a comprehensive rural hospital
cybersecurity workforce development strategy, and for other purposes.
_______________________________________________________________________
May 9, 2024
Reported with an amendment