In a statement submitted to the Senate Health, Education, Labor and Pensions Committee for a hearing today on health care cybersecurity and patient privacy, the AHA said the highest cyber risk for patient data is often through third-party service and software providers. The AHA encouraged Congress to use federal agencies and resources to protect hospitals and health systems, and in turn the patients they serve, by combating international cyber threats and supporting funding for cybersecurity training and workforce, especially in rural areas.

“Hospitals and health systems have invested billions of dollars and taken many steps to protect patients and defend their networks from cyberattacks that can disrupt patient care and erode privacy by the loss of personal health care data,” AHA said in its statement. “Any cyberattack on the health care sector that disrupts or delays patient care creates a risk to patient safety and crosses the line from an economic crime to a threat-of-life crime. These attacks should be aggressively pursued and prosecuted by the federal government.”

The AHA also recommended reducing administrative burdens, like making the Health Insurance Portability and Accountability Act of 1996 cybersecurity requirements voluntary and strengthening the HIPAA preemption.