Rural Hospital Cybersecurity Enhancement Act

AI Summary

No AI Summary Available

Click the button above to generate an AI-powered summary of this bill using Claude.

The summary will analyze the bill's key provisions, impact, and implementation details.

Latest Action

Jun 25, 2025

Read twice and referred to the Committee on Health, Education, Labor, and Pensions.

Actions (2)

Read twice and referred to the Committee on Health, Education, Labor, and Pensions.

Type: IntroReferral | Source: Senate

Jun 25, 2025

Introduced in Senate

Type: IntroReferral | Source: Library of Congress | Code: 10000

Jun 25, 2025

Subjects (1)

Science, Technology, Communications (Policy Area)

Cosponsors (4)

Sen. Collins, Susan M. [R-ME]

(R-ME)
Jul 22, 2025

Sen. Ossoff, Jon [D-GA]

(D-GA)
Jun 26, 2025

Sen. Hassan, Margaret Wood [D-NH]

(D-NH)
Jun 25, 2025

Sen. Kelly, Mark [D-AZ]

(D-AZ)
Jun 25, 2025

Text Versions (1)

Introduced in Senate

Jun 25, 2025

PDF ↗ XML ↗

Full Bill Text

Length: 6,395 characters Version: Introduced in Senate Version Date: Jun 25, 2025 Last Updated: Nov 14, 2025 6:17 AM

[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[S. 2169 Introduced in Senate

(IS) ]

<DOC>

119th CONGRESS
1st Session
S. 2169

To require the development of a comprehensive rural hospital
cybersecurity workforce development strategy, and for other purposes.

_______________________________________________________________________

IN THE SENATE OF THE UNITED STATES

June 25 (legislative day, June 24), 2025

Mr. Hawley (for himself, Ms. Hassan, and Mr. Kelly) introduced the
following bill; which was read twice and referred to the Committee on
Health, Education, Labor, and Pensions

_______________________________________________________________________

A BILL

To require the development of a comprehensive rural hospital
cybersecurity workforce development strategy, and for other purposes.

Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,

SECTION 1.

This Act may be cited as the ``Rural Hospital Cybersecurity
Enhancement Act''.

SEC. 2.

In this Act:

(1) Agency.--The term ``agency'' has the meaning given the
term in

section 551 of title 5, United States Code.

(2) Appropriate committees of congress.--The term
``appropriate committees of Congress'' means--
(A) the Committee on Health, Education, Labor, and
Pensions of the Senate; and
(B) the Committee on Energy and Commerce of the
House of Representatives.

(3) Geographic division.--The term ``geographic division''
means a geographic division that is among the 9 geographic
divisions determined by the Bureau of the Census.

(4) Rural hospital.--The term ``rural hospital'' means a
healthcare facility that--
(A) is located in a non-urbanized area, as
determined by the Bureau of the Census; and
(B) provides inpatient and outpatient healthcare
services, including primary care, emergency care, and
diagnostic services.

(5) Secretary.--The term ``Secretary'' means the Secretary
of Health and Human Services.

SEC. 3.

(a) In General.--Not later than 1 year after the date of enactment
of this Act, the Secretary shall develop and transmit to the
appropriate committees of Congress a comprehensive rural hospital
cybersecurity workforce development strategy to address the growing
need for skilled cybersecurity professionals in rural hospitals.

(b) Consultation.--

(1) Agencies.--In carrying out subsection

(a) , the
Secretary may consult with the Director of the Cybersecurity
and Infrastructure Security Agency, the Secretary of Education,
the Secretary of Labor, and any other appropriate head of an
agency.

(2) Providers.--In carrying out subsection

(a) , the
Secretary shall consult with not fewer than 2 representatives
of rural healthcare providers from each geographic division in
the United States.
(c) Considerations.--The rural hospital cybersecurity workforce
development strategy developed under subsection

(a) shall, at a
minimum, consider the following components:

(1) Partnerships between rural hospitals, non-rural
healthcare systems, educational institutions, private sector
entities, and nonprofit organizations to develop, promote, and
expand the rural hospital cybersecurity workforce, including
through education and training programs tailored to the needs
of rural hospitals.

(2) The development of a cybersecurity curriculum and
teaching resources that focus on teaching technical skills and
abilities related to cybersecurity in rural hospitals for use
in community colleges, vocational schools, and other
educational institutions located in rural areas.

(3) Identification of--
(A) cybersecurity workforce challenges that are
specific to rural hospitals, as well as challenges that
are relative to hospitals generally; and
(B) common practices to mitigate both sets of
challenges described in subparagraph
(A) .

(4) Recommendations for legislation, rulemaking, or
guidance to implement the components of the rural hospital
cybersecurity workforce development strategy.
(d) Annual Briefing.--Not later than 60 days after the date on
which the first full fiscal year ends following the date on which the
Secretary transmits the rural hospital cybersecurity workforce
development strategy developed under subsection

(a) , and not later than
60 days after the date on which each fiscal year thereafter ends, the
Secretary shall provide a briefing to the appropriate committees of
Congress that includes, at a minimum, information relating to--

(1) updates to the rural hospital cybersecurity workforce
development strategy, as appropriate;

(2) any programs or initiatives established pursuant to the
rural hospital cybersecurity workforce development strategy, as
well as the number of individuals trained or educated through
such programs or initiatives;

(3) additional recommendations for legislation, rulemaking,
or guidance to implement the components of the rural hospital
cybersecurity workforce development strategy; and

(4) the effectiveness of the rural hospital cybersecurity
workforce development strategy in addressing the need for
skilled cybersecurity professionals in rural hospitals.

SEC. 4.

(a) In General.--Not later than 1 year after the date of enactment
of this Act, the Secretary shall make available instructional materials
for rural hospitals that can be used to train staff on fundamental
cybersecurity efforts.

(b) Duties.--In carrying out subsection

(a) , the Secretary shall--

(1) consult with appropriate heads of agencies, experts in
cybersecurity education, and rural healthcare experts;

(2) identify existing cybersecurity instructional materials
that can be adapted for use in rural hospitals and create new
materials as needed; and

(3) conduct an awareness campaign to promote the materials
available to rural hospitals developed under subsection

(a) .

SEC. 5.

No additional funds are authorized to be appropriated for the
purpose of carrying out this Act.
<all>

[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[S. 2169 Introduced in Senate

    (IS) ]

<DOC>

119th CONGRESS
 1st Session
 S. 2169

 To require the development of a comprehensive rural hospital 
 cybersecurity workforce development strategy, and for other purposes.

_______________________________________________________________________

 IN THE SENATE OF THE UNITED STATES

 June 25 (legislative day, June 24), 2025

 Mr. Hawley (for himself, Ms. Hassan, and Mr. Kelly) introduced the 
 following bill; which was read twice and referred to the Committee on 
 Health, Education, Labor, and Pensions

_______________________________________________________________________

 A BILL

 To require the development of a comprehensive rural hospital 
 cybersecurity workforce development strategy, and for other purposes.

 Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

 This Act may be cited as the ``Rural Hospital Cybersecurity 
Enhancement Act''.

SEC. 2. DEFINITIONS.

 In this Act:

    (1) Agency.--The term ``agency'' has the meaning given the 
 term in 

section 551 of title 5, United States Code.

    (2) Appropriate committees of congress.--The term 
 ``appropriate committees of Congress'' means--
        (A) the Committee on Health, Education, Labor, and 
 Pensions of the Senate; and
        (B) the Committee on Energy and Commerce of the 
 House of Representatives.

    (3) Geographic division.--The term ``geographic division'' 
 means a geographic division that is among the 9 geographic 
 divisions determined by the Bureau of the Census.

    (4) Rural hospital.--The term ``rural hospital'' means a 
 healthcare facility that--
        (A) is located in a non-urbanized area, as 
 determined by the Bureau of the Census; and
        (B) provides inpatient and outpatient healthcare 
 services, including primary care, emergency care, and 
 diagnostic services.

    (5) Secretary.--The term ``Secretary'' means the Secretary 
 of Health and Human Services.

SEC. 3. RURAL HOSPITAL CYBERSECURITY WORKFORCE DEVELOPMENT STRATEGY.

    (a) In General.--Not later than 1 year after the date of enactment 
of this Act, the Secretary shall develop and transmit to the 
appropriate committees of Congress a comprehensive rural hospital 
cybersecurity workforce development strategy to address the growing 
need for skilled cybersecurity professionals in rural hospitals.

    (b) Consultation.--

    (1) Agencies.--In carrying out subsection

    (a) , the 
 Secretary may consult with the Director of the Cybersecurity 
 and Infrastructure Security Agency, the Secretary of Education, 
 the Secretary of Labor, and any other appropriate head of an 
 agency.

    (2) Providers.--In carrying out subsection

    (a) , the 
 Secretary shall consult with not fewer than 2 representatives 
 of rural healthcare providers from each geographic division in 
 the United States.
            (c) Considerations.--The rural hospital cybersecurity workforce 
development strategy developed under subsection

    (a) shall, at a 
minimum, consider the following components:

    (1) Partnerships between rural hospitals, non-rural 
 healthcare systems, educational institutions, private sector 
 entities, and nonprofit organizations to develop, promote, and 
 expand the rural hospital cybersecurity workforce, including 
 through education and training programs tailored to the needs 
 of rural hospitals.

    (2) The development of a cybersecurity curriculum and 
 teaching resources that focus on teaching technical skills and 
 abilities related to cybersecurity in rural hospitals for use 
 in community colleges, vocational schools, and other 
 educational institutions located in rural areas.

    (3) Identification of--
        (A) cybersecurity workforce challenges that are 
 specific to rural hospitals, as well as challenges that 
 are relative to hospitals generally; and
        (B) common practices to mitigate both sets of 
 challenges described in subparagraph
        (A) .

    (4) Recommendations for legislation, rulemaking, or 
 guidance to implement the components of the rural hospital 
 cybersecurity workforce development strategy.
            (d) Annual Briefing.--Not later than 60 days after the date on 
which the first full fiscal year ends following the date on which the 
Secretary transmits the rural hospital cybersecurity workforce 
development strategy developed under subsection

    (a) , and not later than 
60 days after the date on which each fiscal year thereafter ends, the 
Secretary shall provide a briefing to the appropriate committees of 
Congress that includes, at a minimum, information relating to--

    (1) updates to the rural hospital cybersecurity workforce 
 development strategy, as appropriate;

    (2) any programs or initiatives established pursuant to the 
 rural hospital cybersecurity workforce development strategy, as 
 well as the number of individuals trained or educated through 
 such programs or initiatives;

    (3) additional recommendations for legislation, rulemaking, 
 or guidance to implement the components of the rural hospital 
 cybersecurity workforce development strategy; and

    (4) the effectiveness of the rural hospital cybersecurity 
 workforce development strategy in addressing the need for 
 skilled cybersecurity professionals in rural hospitals.

SEC. 4. INSTRUCTIONAL MATERIALS FOR RURAL HOSPITALS.

    (a) In General.--Not later than 1 year after the date of enactment 
of this Act, the Secretary shall make available instructional materials 
for rural hospitals that can be used to train staff on fundamental 
cybersecurity efforts.

    (b) Duties.--In carrying out subsection

    (a) , the Secretary shall--

    (1) consult with appropriate heads of agencies, experts in 
 cybersecurity education, and rural healthcare experts;

    (2) identify existing cybersecurity instructional materials 
 that can be adapted for use in rural hospitals and create new 
 materials as needed; and

    (3) conduct an awareness campaign to promote the materials 
 available to rural hospitals developed under subsection

    (a) .

SEC. 5. NO ADDITIONAL FUNDS.

 No additional funds are authorized to be appropriated for the 
purpose of carrying out this Act.
 <all>

View original source ↗

119-s2169