H-ISAC TLP White Hacking Healthcare - Weekly Blog - October 24, 2025
This week, Health-ISAC®'s Hacking Healthcare® provides an update on the continuing U.S. government shutdown and negotiations around reauthorization of the Cybersecurity Information Sharing Act of 2015 (“CISA 2015”). We examine what has changed since the shutdown started, what to expect in the event the shutdown is resolved, and some approaches Health-ISAC members may wish to consider given the continuing lack of CISA 2015 protections.
Welcome back to Hacking Healthcare®.
CISA 2015 Reauthorization
Despite outspoken support from both Republicans and Democrats, Congress has yet to find a breakthrough to reauthorize CISA 2015.
In addition to efforts that predate the shutdown, the most recent development was the introduction of the bipartisan bill S. 2983, the Extending Expired Cybersecurity Authorities Act.[i] This bill would cleanly reauthorize CISA 2015 for another 10 years and would apply retroactively to October 1. Additionally, in an attempt to create distance between CISA 2015 and the Cybersecurity and Infrastructure Security Agency (“CISA”), with which it shares an acronym, the bill would rename CISA 2015 to the Protecting America from Cyber Threats Act. Importantly, S. 2983 has passed through the Rule 14 process, a procedure that allows it to be considered on the floor of the Senate without going through the Senate Homeland Security and Governmental Affairs Committee, where Sen. Paul (R-KY) has continued to block attempts to move reauthorization forward.
Should the bill successfully pass the Senate, it may still have some hurdles to clear with Republicans in the House of Representatives. Some House Republicans have voiced concerns similar to Sen. Paul's about the CISA agency, and they may seek to temper any CISA 2015 reauthorization bill, potentially by shortening the length of any reauthorization.
Finally, it appears that the potential reauthorization of CISA 2015 through the National Defense Authorization Act (“NDAA”), the annual “must pass” end-of-year legislative package, is in doubt. Neither the Senate NDAA nor the House of Representatives NDAA includes CISA reauthorization language. Democrats in the Senate pointed to Sen. Paul as the reason it failed to make the cut.