WASHINGTON — Today, Congressman Brian Fitzpatrick (PA-1), Chairman of the CIA Subcommittee on the House Permanent Select Committee on Intelligence (HPSCI), has introduced new bipartisan legislation to confront one of the fastest-growing threats to American families: cyberattacks targeting our healthcare system.

The Healthcare Cybersecurity Act, co-led by Congressman Jason Crow (D-CO-06) and backed in the Senate by Senators Jacky Rosen (D-NV) and Todd Young (R-IN), would strengthen federal coordination and equip frontline health providers with the tools needed to detect, prevent, and respond to cyber intrusions in real time.

In 2021 alone, over 46 million Americans had their personal health information compromised in cyber breaches—an alarming tripling of incidents over just three years. These attacks have shut down hospitals, delayed care, exposed patients’ most sensitive data, and—in some cases—left that data circulating on the dark web.

Fitzpatrick’s would help safeguard Americans’ private medical data by requiring greater coordination at the federal level to ensure that government agencies stand ready to respond to the increasing threat posed by cyberattacks.

“Cyberattacks on our healthcare system endanger more than data—they put lives at risk. I’ve long worked to strengthen our nation’s cyber defenses where Americans are most exposed, from small businesses to hospitals. This bipartisan bill takes direct, strategic action: empowering CISA and HHS to coordinate real-time threat sharing, expanding cybersecurity training for providers, and establishing a dedicated liaison to bolster response. We’re not just responding to attacks—we’re building the infrastructure to prevent them, protect patient privacy, and defend a vital pillar of our national security,” said Congressman Fitzpatrick.

“As technology advances, we must do more to protect Americans' sensitive data,” said Congressman Crow. “That’s why I’m leading bipartisan legislation to strengthen our defenses and protect families from cyberattackers.”

Specifically, the Healthcare Cybersecurity Act would:

1. Require the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Health and Human Services (HHS) to coordinate efforts to identify and mitigate cybersecurity threats to the healthcare and public health sectors;
2. Establish a formal liaison between CISA and HHS to improve communication, threat analysis, and incident response;
3. Authorize comprehensive cybersecurity training for healthcare providers and personnel; and
4. Direct both agencies to conduct a joint study identifying specific cybersecurity vulnerabilities and risks within the sector.

Fitzpatrick has led bipartisan efforts to strengthen America’s cyber defenses and modernize national security. As Chairman of the CIA Subcommittee, he helps oversee the Intelligence Community’s work to counter cyber aggression, foreign surveillance, terrorism, and emerging threats. Prior to Congress, he served as an FBI Special Agent focused on national security and cybercrime—experience that continues to shape his leadership today.

This legislation reaffirms Fitzpatrick’s mission to defend Americans’ data, safeguard access to care, and build a more secure, resilient digital future.

###