Senate holds hearing on health care cybersecurity and patient privacy

Jul 09, 2025 - 02:57 PM
Symantic cyberattack. A woman typing on a laptop and on her mobile phone responding to a cyberattack.

In a statement submitted to the Senate Health, Education, Labor and Pensions Committee for a hearing today on health care cybersecurity and patient privacy, the AHA said the highest cyber risk for patient data is often through third-party service and software providers. The AHA encouraged Congress to use federal agencies and resources to protect hospitals and health systems, and in turn the patients they serve, by combating international cyber threats and supporting funding for cybersecurity training and workforce, especially in rural areas.  

“Hospitals and health systems have invested billions of dollars and taken many steps to protect patients and defend their networks from cyberattacks that can disrupt patient care and erode privacy by the loss of personal health care data,” AHA said in its statement. “Any cyberattack on the health care sector that disrupts or delays patient care creates a risk to patient safety and crosses the line from an economic crime to a threat-of-life crime. These attacks should be aggressively pursued and prosecuted by the federal government.”  

The AHA also recommended reducing administrative burdens, like making the Health Insurance Portability and Accountability Act of 1996 cybersecurity requirements voluntary and strengthening the HIPAA preemption.  

“Rural hospitals are struggling under the crushing weight of these existing policies and thus support efforts to reduce and streamline regulatory burdens,” said hearing witness Linda Stevenson, chief information officer of Fisher-Titus Medical Center, a rural hospital in Ohio. In written testimony, she said, “We must shift away from punitive approaches that penalize providers who are targeted by malicious actors. These only worsen the burden and divert resources away from patient care. Instead, we need supportive policies that empower healthcare providers to strengthen their cyber defenses.” 

Related News Articles

Headline
CISA warns of vulnerability in F5 BIG-IP products
The Cybersecurity and Infrastructure Security Agency Oct. 15 released an emergency directive advising federal agencies to take stock of their F5 BIG-IP…
Headline
AHA blog: 2025 Cybersecurity Year in Review, Part One — Breaches and Defensive Measures
In part one of a new blog, John Riggi, AHA national advisor for cybersecurity and risk, and Scott Gee, AHA deputy national advisor for cybersecurity and risk,…
Perspective
Protecting Patients and Hospitals from Cyberattacks
Public
This week, the FBI issued an urgent warning to all users — including hospitals — of a critical security soft spot within Oracle’s E-Business Suite, stating “…
Headline
HSCC launches toolkit to strengthen essential health care services and prevent cyberattacks
The Health Sector Coordinating Council Oct. 7 released its Sector Mapping and Risk Toolkit, created to help health care providers and other organizations…
AHA Cyber Intel
2025 Cybersecurity Year in Review, Part One: Breaches and Defensive Measures
As of Oct. 3, 2025, 364 hacking incidents had been reported to the U.S. Department of Health and Human Services Office for Civil Rights, affecting over 33…
Headline
Urgent action recommended on critical Oracle vulnerability
The AHA Oct. 6 released a Cybersecurity Advisory urging immediate action against a critical Oracle E-Business Suite vulnerability that is remotely exploitable…