Analyses / Public Summary / 119 · S 3315 Public Summary

119-S-3315 Journalist Public Summary

119 · S 3315 Health Care Cybersecurity and Resiliency Act of 2026

health_and_safety Health

A bipartisan Senate bill would set baseline cybersecurity rules for health care (like MFA, encryption, and testing), fund upgrades—especially for rural providers—and require HHS and CISA to work in tandem; it cleared the Senate HELP Committee on February 26, 2026. (congress.gov)

Analyzed as
Journalist
Published
27 Feb 2026
Updated
27 Feb 2026
Tags
US Congress · Cybersecurity · Health Policy
Unvetted
01 · Section

Public Summary — S. 3315: Health Care Cybersecurity and Resiliency Act of 2025

Headline Summary: A bipartisan plan to harden hospitals and health systems against cyberattacks by setting minimum security standards, improving HHS–CISA coordination, and offering grants and training; it advanced out of the Senate HELP Committee on February 26, 2026. (congress.gov)

What It Does: The bill would require covered health entities and business associates to adopt core cybersecurity practices (multifactor authentication, encryption of protected health information, and regular audits/penetration testing); direct HHS to build a department-wide cyber incident response plan; update public breach reporting to include corrective actions and the number of people affected; issue tailored guidance for rural providers; fund multi‑year grants to upgrade systems and reduce legacy tech; and expand workforce training. It also clarifies that HHS’s preparedness office leads department-wide cyber coordination in partnership with CISA. (congress.gov)

Who’s For It:

  • Sponsors from both parties: Sens. Bill Cassidy (R‑LA), Mark Warner (D‑VA), John Cornyn (R‑TX), and Maggie Hassan (D‑NH) argue the bill is needed after major breaches like the Change Healthcare attack and say it will modernize defenses, bolster coordination with CISA, and support rural and low‑resource providers. (help.senate.gov)
  • HELP Committee support: Advanced on a strong bipartisan vote (22–1) on February 26, 2026. (cyberscoop.com)

Who’s Against It:

  • Sen. Rand Paul (R‑KY) was the lone “no” vote in committee; the report did not detail his specific objections. (cyberscoop.com)
  • Hospitals and provider groups have pushed back against related federal moves to tighten cybersecurity rules—raising cost, staffing, and “one‑size‑fits‑all” concerns about requirements like MFA, encryption at rest, and frequent testing—signals of the debate likely to surface as this bill moves forward. (axios.com)

What’s Next: As of February 27, 2026, the bill heads from the HELP Committee to the full Senate. If it passes the Senate, the House would still need to act before any version could reach the President. Floor timing has not been announced. (cyberscoop.com)

Discussion