S. 3315Heading to a voteHealth care
Senate bill sets new cybersecurity mandates for U.S. healthcare
Data as of July 11, 2026
S 3315 would require healthcare organizations nationwide to meet new cybersecurity standards, including multi-factor authentication and data encryption.55-second read · 5 questions answered below
Decoded
What does this do?
S 3315 directs HHS and CISA to coordinate more closely, share cyber threat information, and build a formal response plan for healthcare cyberattacks. The bill sets required security standards for healthcare entities, including multi-factor authentication and encryption of patient health information. It also updates the public breach reporting database to require more detail, such as patient counts affected and corrective actions taken.
Who does it affect?
Hospitals, rural health clinics, community health centers, academic medical centers, Indian Health Service facilities, and healthcare workers would all be subject to the new rules or affected by related training requirements. Patients nationwide would fall under the expanded protections for personal medical records.
Why does it matter?
Organizations that already meet strong security standards may receive more favorable treatment when fines are assessed after a breach, creating a compliance incentive. Rural providers, who typically have fewer resources, receive targeted guidance and would be subject to a government study assessing their ability to meet the new requirements.
What does it cost, and who pays?
- Grants authorized through 2030
- No dollar amount specified
- Eligible orgs may apply for upgrades
Where does it stand?
- Introduced
- Senate committee
- Senate vote — You are here
- House
- President's desk
Right now: it's headed for a Senate floor vote. If the House changes it, it goes back to the Senate before reaching the President.
AI-drafted summary. Verify it against the official text before you act on it.
Three steps: where you stand, your script, the call.
Make the callSee how a call works
Official title
Health Care Cybersecurity and Resiliency Act of 2026
- Introduced:
- December 2, 2025
- Latest action:
- March 23, 2026
Placed on Senate Legislative Calendar under General Orders. Calendar No. 365.
Read the official bill on Congress.govMake the call
Three steps: where you stand, your script, the call.