NY senator pushes cybersecurity bill in wake of Excellus breach

The latest widescale cyberattack led Sen. Charles Schumer (D-N.Y.) to urge Congress to draft a cybersecurity bill and prioritize the development of universal data breach notification standards.

Excellus BlueCross BlueShield last month announced the data breach that compromised the personal information of about 10 million people.

Citing the Anthem hack in February that affected 80 milllion records and the UCLA Health Systems in July which potentially affected 4.5 million people, Schumer said strengthening cyber protections is necessary. He noted that just last year, one-third of New York residents were victims of a data breach.

The Cybersecurity Information Sharing Act of 2015 (CISA, S. 754) would allow the sharing of internet traffic information between the government and technology and manufacturing companies. The bill was first introduced in the Senate in July 2014, but has not yet been considered or voted upon by the full Senate. 

Schumer said the fact that it took 19 months to discover the Excellus breach “just goes to show how sophisticated online hackers are and how much work we have to do when it comes to protecting our personal information. I am urging my colleagues in Congress to strengthen consumer cyber protections and require companies to notify their customers if there has been a breach of their personal information in a timely matter so they can take action to ensure they are not the victim of identity theft. In addition, we need intelligence and law enforcement agencies to work together to share information of potential cyber threats to prevent another attack.”

Schumer has a long history of advocating for increased cyber security, most recently urging the Commerce Department to rewrite a proposed rule that would limit private companies from usingsoftware to test the strength of their networks. He said preventing companies from testing their networks would leave them exposed to a potential attack. As a result, the Commerce Department rewrote the rule in consultation with cybersecurity experts to ensure companies would be able to use software to test the security of their networks.

Beth Walsh,

Editor

Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.