Current status is Read twice and referred to the Committee on Health, Education, Labor, and Pensions.

119th CONGRESS

1st Session

S. 2169

1. Short title
2. Definitions
3. Rural hospital cybersecurity workforce development strategy
4. Instructional materials for rural hospitals
5. No additional funds

1. Short title

This Act may be cited as the "Rural Hospital Cybersecurity Enhancement Act".

2. Definitions

In this Act:

(1) Agency - The term agency has the meaning given the term in section 551 of title 5, United States Code.

(2) Appropriate committees of Congress - The term "appropriate committees of Congress" means—

(A) - the Committee on Health, Education, Labor, and Pensions of the Senate; and

(B) - the Committee on Energy and Commerce of the House of Representatives.

(3) Geographic division - The term geographic division means a geographic division that is among the 9 geographic divisions determined by the Bureau of the Census.

(4) Rural hospital - The term rural hospital means a healthcare facility that—

(A) - is located in a non-urbanized area, as determined by the Bureau of the Census; and

(B) - provides inpatient and outpatient healthcare services, including primary care, emergency care, and diagnostic services.

(5) Secretary - The term Secretary means the Secretary of Health and Human Services.

3. Rural hospital cybersecurity workforce development strategy

(a) In general - Not later than 1 year after the date of enactment of this Act, the Secretary shall develop and transmit to the appropriate committees of Congress a comprehensive rural hospital cybersecurity workforce development strategy to address the growing need for skilled cybersecurity professionals in rural hospitals.

(b) Consultation

(1) Agencies - In carrying out subsection (a), the Secretary may consult with the Director of the Cybersecurity and Infrastructure Security Agency, the Secretary of Education, the Secretary of Labor, and any other appropriate head of an agency.

(2) Providers - In carrying out subsection (a), the Secretary shall consult with not fewer than 2 representatives of rural healthcare providers from each geographic division in the United States.

(c) Considerations - The rural hospital cybersecurity workforce development strategy developed under subsection (a) shall, at a minimum, consider the following components:

(1) - Partnerships between rural hospitals, non-rural healthcare systems, educational institutions, private sector entities, and nonprofit organizations to develop, promote, and expand the rural hospital cybersecurity workforce, including through education and training programs tailored to the needs of rural hospitals.

(2) - The development of a cybersecurity curriculum and teaching resources that focus on teaching technical skills and abilities related to cybersecurity in rural hospitals for use in community colleges, vocational schools, and other educational institutions located in rural areas.

(3) - Identification of—

(A) - cybersecurity workforce challenges that are specific to rural hospitals, as well as challenges that are relative to hospitals generally; and

(B) - common practices to mitigate both sets of challenges described in subparagraph (A).

(4) - Recommendations for legislation, rulemaking, or guidance to implement the components of the rural hospital cybersecurity workforce development strategy.

(d) Annual briefing - Not later than 60 days after the date on which the first full fiscal year ends following the date on which the Secretary transmits the rural hospital cybersecurity workforce development strategy developed under subsection (a), and not later than 60 days after the date on which each fiscal year thereafter ends, the Secretary shall provide a briefing to the appropriate committees of Congress that includes, at a minimum, information relating to—

(1) - updates to the rural hospital cybersecurity workforce development strategy, as appropriate;

(2) - any programs or initiatives established pursuant to the rural hospital cybersecurity workforce development strategy, as well as the number of individuals trained or educated through such programs or initiatives;

(3) - additional recommendations for legislation, rulemaking, or guidance to implement the components of the rural hospital cybersecurity workforce development strategy; and

(4) - the effectiveness of the rural hospital cybersecurity workforce development strategy in addressing the need for skilled cybersecurity professionals in rural hospitals.

4. Instructional materials for rural hospitals

(a) In general - Not later than 1 year after the date of enactment of this Act, the Secretary shall make available instructional materials for rural hospitals that can be used to train staff on fundamental cybersecurity efforts.

(b) Duties - In carrying out subsection (a), the Secretary shall—

(1) - consult with appropriate heads of agencies, experts in cybersecurity education, and rural healthcare experts;

(2) - identify existing cybersecurity instructional materials that can be adapted for use in rural hospitals and create new materials as needed; and

(3) - conduct an awareness campaign to promote the materials available to rural hospitals developed under subsection (a).

5. No additional funds

No additional funds are authorized to be appropriated for the purpose of carrying out this Act.

119-S2169

A bill to require the development of a comprehensive rural hospital cybersecurity workforce development strategy, and for other purposes.