US HB3841

CISA must coordinate with HHS to improve healthcare cybersecurity and appoint a liaison to HHS with cybersecurity expertise to facilitate threat information sharing and incident coordination

CISA must provide cybersecurity training to healthcare facility owners and operators on sector-specific risks and mitigation strategies

HHS Secretary must update the Healthcare and Public Health Sector-specific Risk Management Plan within 1 year, analyzing cybersecurity impacts on rural and small/medium facilities, medical device vulnerabilities, and workforce shortages

HHS may establish criteria for designating "high-risk covered assets" and maintain a biannually-updated list to prioritize resource allocation for cyber resilience

Multiple reports required: CISA report on healthcare support activities within 120 days, HHS/CISA coordination report within 18 months, and GAO report on federal critical infrastructure resources within 18 months; no additional funds authorized