Rural Hospital Cybersecurity Enhancement Act

The Rural Hospital Cybersecurity Enhancement Act would require the Secretary of Health and Human Services to develop and submit, within one year of enactment, a comprehensive cybersecurity workforce development strategy tailored to rural hospitals. The strategy must involve consultation with federal partners (including CISA, the Secretaries of Education and Labor, and other heads of agencies) and with rural healthcare providers across geographic divisions. It should focus on building partnerships, creating a rural-specific cybersecurity curriculum for rural colleges and training programs, identifying challenges unique to rural hospitals (and how to address them), and offering legislative or regulatory guidance to implement these components. The Act also obligates the Secretary to provide annual briefings to Congress detailing updates, programs, training metrics, and assessments of effectiveness. Additionally, the Secretary must develop and disseminate instructional materials for rural hospitals to train staff in fundamental cybersecurity, including adapting existing materials and launching an awareness campaign. Notably, the bill states that no new funds are authorized for these activities.