Congressman Crow Introduces Bipartisan Bill to Protect Americans’ Private Data from Cyberattacks

June 10, 2025
Press Release

WASHINGTON — Today, Congressman Jason Crow (D-CO-06) introduced new bipartisan legislation to better protect Americans’ private medical data from cyberattackers. 

Cyberattacks targeting Americans’ medical data have increased in recent years. In 2021, 46 million Americans had their health information breached as a result of a cyberattack, a threefold increase in three years. These cyberattacks often knock health systems offline, creating a backlog of unpaid claims and threatening patients’ access to care. Findings suggest that, as a result of these attacks, patients’ data may have been leaked on the dark web in the process. 

Congressman Crow’s Healthcare Cybersecurity Act would help safeguard Americans’ private medical data by requiring greater coordination at the federal level to ensure that government agencies stand ready to respond to the increasing threat posed by cyberattacks. Congressman Brian Fitzpatrick (R-PA-01) joined Congressman Crow in introducing this legislation. The bill was also introduced in the Senate by Senators Jacky Rosen (D-NV) and Todd Young (R-IN)

“As technology advances, we must do more to protect Americans' sensitive data,” said Congressman Crow. “That’s why I’m leading bipartisan legislation to strengthen our defenses and protect families from cyberattackers.”

“Cyberattacks on our healthcare system endanger more than data—they put lives at risk. I’ve long worked to strengthen our nation’s cyber defenses where Americans are most exposed, from small businesses to hospitals. This bipartisan bill takes direct, strategic action: empowering CISA and HHS to coordinate real-time threat sharing, expanding cybersecurity training for providers, and establishing a dedicated liaison to bolster response. We’re not just responding to attacks—we’re building the infrastructure to prevent them, protect patient privacy, and defend a vital pillar of our national security,” said Congressman Fitzpatrick.

The Healthcare Cybersecurity Act would specifically require the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Health and Human Services (HHS) to collaborate on improving cybersecurity in both the health care and public health sectors. It would create a liaison between CISA and HHS to coordinate responses to cyberattacks, and would authorize cybersecurity training to all relevant personnel. The bill would also require CISA and HHS to conduct a study on specific cybersecurity risks facing the health care and public health sectors.

Congressman Crow has long worked to strengthen America’s cybersecurity defenses, and previously introduced the Healthcare Cybersecurity Act in the 117th and 118th Congress. He also previously introduced the SBA Cyber Awareness Act, bipartisan legislation that would strengthen the Small Business Administration's (SBA) cybersecurity to handle and report cyber threats that affect small businesses.

###

Washington, D.C. Office
1323 Longworth HOB
Washington, DC  20515
Phone: (202) 225-7882

Note: It is a federal crime to threaten the life of a Member or staffer, and if callers make threats, they will be prosecuted.

Aurora Office
2170 S Parker Road, Suite #280
Aurora, CO  80231
Phone: (720) 748-7514

Note: It is a federal crime to threaten the life of a Member or staffer, and if callers make threats, they will be prosecuted.

Representative Jason Crow logo