Strengthening Cybersecurity in Health Care Act

This Act may be cited as the Strengthening Cybersecurity in Health Care Act.

Not later than 2 years after the date of enactment of this Act, and every 2 years thereafter, the Inspector General of the Department of Health and Human Services shall evaluate the cybersecurity practices and protocols of the Department through the conduct of penetration tests and other testing procedures to determine how systems processing, transmitting, or storing mission critical or sensitive data by, for, or on behalf of the Department is currently, or could be compromised and—

(1) expose patient data, including Medicare numbers of individuals; or

(2) impact patient safety.

Not later than 2 years after the date of enactment of this Act, and every 2 years thereafter—

(1) the Secretary of Health and Human Services shall submit to Congress a report that describes how the Secretary will update the cybersecurity practices and protocols of the Department of Health and Human Services to adapt to the latest cyberattack strategies; and

(2) the Inspector General of the Department of Health and Human Services shall submit to Congress a report that describes—

(A) how the Inspector General is currently using Federal funds of the Inspector General to carry out subsection (a); and

(B) additional funding or legislative changes required for the Inspector General to maintain the evaluation described in subsection (a).