WASHINGTON, D.C. — Stakeholders and organizations across the health care sector are calling for the urgent passage of bipartisan legislation introduced by U.S. Senators Gary Peters (D-MI), Ranking Member of the Homeland Security and Governmental Affairs Committee, and Mike Rounds (R-SD) that would renew critical cybersecurity provisions that expired on September 30, 2025. The Protecting America from Cyber Threats Act would reauthorize a bipartisan law that has been in place for ten years that enables private companies to voluntarily share cybersecurity threat indicators – such as malware signatures, software vulnerabilities, and malicious IP addresses – with the Department of Homeland Security (DHS). This collaboration has helped prevent data breaches, protected personal information, and strengthened the federal government’s ability to respond to cyberattacks from foreign adversaries and criminal networks.
The bipartisan bill is supported by health care industry organizations including Connected Health Initiative, Medical Device Manufacturers Association, AdvaMedDx, Coastal Bend Regional Advisory Council, CHIME, Healthcare Information and Management Systems Society, McLaren Health Care, Healthcare Leadership Council, Integrated Women’s Health, DirectTrust, and U.S. Healthcare & Public Health Sector Coordinating Council. To see the full list of stakeholders who support extending cyber threat information authorities, click here. Below are statements in support of the legislation:
“The Connected Health Initiative supports Senators Gary Peters (D-M.I.) and Mike Rounds (R-S.D.) in their efforts to reauthorize crucial cybersecurity information sharing authorities,” said Brian Scarpelli, Executive Director of the Connected Health Initiative. “Their legislation, S. 2983, extends this critical program facilitating the timely sharing of cybersecurity threat indicators needed to strengthen the nation’s security posture as a whole. The healthcare ecosystem is uniquely vulnerable to cyber incidents, and the damage caused by them particularly severe, so the reasonable liability protections the legislation would reauthorize are desperately needed to ensure patient security and privacy. Crucially, S. 2983 would protect any cybersecurity information sharing that has occurred during the lapse in the program as well as future activities. We urge the Senate to swiftly pass this legislation and ensure that companies have the best tools and information to continue protecting patient data.”
“MDMA strongly supports S. 2983, the bipartisan ‘Protecting America from Cyber Threats Act,’ and we look forward to working with Congress to address the lapse in critical federal cybersecurity authorities that expired on September 30th,” said Mark Leahey, President and CEO, Medical Device Manufacturers Association. “MDMA’s members represent the entire spectrum of medical technology innovators, and while they maintain the highest standards for cyber safety and security, they depend on the threat-information-sharing provisions in S. 2983 to fully collaborate with our partners across the healthcare ecosystem including the FDA, hospitals, and others. MDMA remains committed to working closely with Congress and the Administration to renew these essential authorities before any new cyber threats emerge.”
“The voluntary sharing of cyber threat information is a fundamental component of the medtech industry’s commitment to protecting patient safety and the integrity of life-saving medical technologies,” said Zach Rothstein, Executive Director, AdvaMedDx. “The Protecting America from Cyber Threats Act provides the continued essential legal framework that allows our members to securely collaborate with each other and with government partners, strengthening our collective defense against malicious cyber threats without fear of frivolous litigation. We applaud the bill’s sponsors and strongly urge Congress to act swiftly to pass this legislation, including the important provision for retroactive liability protection, to ensure the continued security and resilience of the U.S. healthcare system.”
“I strongly support S. 2983, the Protecting America from Cyber Threats Act,” said Garrett Hagood, Director of Special Initiatives and Chief Information Security Officer, Coastal Bend Regional Advisory Council. “This 10-year extension preserves critical information-sharing authorities, provides retroactive liability protection, and strengthens the trust between government and industry. By reaffirming these protections, Congress is helping maintain strong collaboration to defend our nation from cyber threats. This legislation is especially important for the healthcare sector, where cyberattacks continue to increase in both frequency and complexity, making secure and timely information sharing essential to protecting patient care and public health.”
“The College of Healthcare Information Management Executives (CHIME), a leading executive organization serving C-suite healthcare leaders, as well as rising talent at every stage of their careers, supports S. 2983, the Protecting America From Cyber Threats Act,” said Mari Savickis, VP of Public Policy, CHIME. “We are deeply appreciative of Senator Peters’ and Senator Rounds’ commitment to improve our nation’s cybersecurity posture and work to help strengthen protections for critical infrastructure. To that end, we support the reauthorization of crucial cybersecurity information sharing authorities which have been vital for healthcare providers by enabling trusted, sharing of cyber threat intelligence, helping hospitals and other healthcare providers detect and respond to attacks more effectively. The reauthorization is thus essential to preserve and expand these protections as threats grow more sophisticated and frequent.”
“HIMSS urges Congress to act swiftly to reauthorize crucial cybersecurity information sharing authorities and retroactively provide protections that strengthen healthcare cybersecurity,” said Hal Wolf, President and CEO of Healthcare Information and Management Systems Society. “Reauthorizing the legislation is essential for fostering trusted threat intelligence sharing that helps the healthcare community keep pace with today’s and tomorrow’s rapidly evolving cyber threats.”
“In providing diverse medical services across multiple states, we rely on information sharing of threat intel through various organizations including the US Government to help support our efforts in securing confidential and proprietary information,” said Philip Incarnati, President and CEO, McLaren Health Care. “The provisions and protections provided by the bill enhance the ability to detect, prevent, and respond to cyber threats as well as reduce the risks associated with sharing sensitive cybersecurity information. McLaren Health Care urges Congress to pass S. 2983 Protecting America from Cyber Threats Act.”
“Cyberattacks are no longer just data breaches—they’re direct threats to patient safety,” said Maria Ghazal, President & CEO of Healthcare Leadership Council. “When hackers disrupt access to care, they put lives at risk. The harm to our health system is real, growing, and deeply personal for the patients and providers affected. The Protecting America from Cyber Threats Act is a vital step toward strengthening our national cyber defenses by improving coordination and intelligence sharing between the public and private sector. This bipartisan legislation will help healthcare organizations detect and prevent attacks before they compromise patient care. The Healthcare Leadership Council strongly supports this bill because protecting patients begins with protecting the systems and data that make their care possible.”
###