[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[S. 3773 Introduced in Senate (IS)]

<DOC>






118th CONGRESS
  2d Session
                                S. 3773

To require the Inspector General of the Department of Health and Human 
 Services to evaluate the cybersecurity practices and protocols of the 
                  Department, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

             February 8 (legislative day, February 7), 2024

     Mr. Rubio (for himself, Mr. King, Mr. Tillis, and Ms. Hassan) 
introduced the following bill; which was read twice and referred to the 
          Committee on Health, Education, Labor, and Pensions

_______________________________________________________________________

                                 A BILL


 
To require the Inspector General of the Department of Health and Human 
 Services to evaluate the cybersecurity practices and protocols of the 
                  Department, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Strengthening Cybersecurity in 
Health Care Act''.

SEC. 2. EVALUATION OF HHS CYBERSECURITY.

    (a) In General.--Not later than 2 years after the date of enactment 
of this Act, and every 2 years thereafter, the Inspector General of the 
Department of Health and Human Services shall evaluate the 
cybersecurity practices and protocols of the Department through the 
conduct of penetration tests and other testing procedures to determine 
how systems processing, transmitting, or storing mission critical or 
sensitive data by, for, or on behalf of the Department is currently, or 
could be compromised and--
            (1) expose patient data, including Medicare numbers of 
        individuals; or
            (2) impact patient safety.
    (b) Reports.--Not later than 2 years after the date of enactment of 
this Act, and every 2 years thereafter--
            (1) the Secretary of Health and Human Services shall submit 
        to Congress a report that describes how the Secretary will 
        update the cybersecurity practices and protocols of the 
        Department of Health and Human Services to adapt to the latest 
        cyberattack strategies; and
            (2) the Inspector General of the Department of Health and 
        Human Services shall submit to Congress a report that 
        describes--
                    (A) how the Inspector General is currently using 
                Federal funds of the Inspector General to carry out 
                subsection (a); and
                    (B) additional funding or legislative changes 
                required for the Inspector General to maintain the 
                evaluation described in subsection (a).
                                 <all>