Union Calendar No. 35
118th CONGRESS 1st Session |
[Report No. 118–52]
To amend title V of the Public Health Service Act to secure the suicide prevention lifeline from cybersecurity incidents, and for other purposes.
January 25, 2023
Mr. Obernolte (for himself and Mr. Cárdenas) introduced the following bill; which was referred to the Committee on Energy and Commerce
May 11, 2023
Reported with an amendment; committed to the Committee of the Whole House on the State of the Union and ordered to be printed
[Strike out all after the enacting clause and insert the part printed in italic]
[For text of introduced bill, see copy of bill as introduced on January 25, 2023]
To amend title V of the Public Health Service Act to secure the suicide prevention lifeline from cybersecurity incidents, and for other purposes.
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
This Act may be cited as the “9–8–8 Lifeline Cybersecurity Responsibility Act”.
SEC. 2. Protecting suicide prevention lifeline from cybersecurity incidents.
(a) National suicide prevention lifeline program.—Section 520E–3(b) of the Public Health Service Act (42 U.S.C. 290bb–36c(b)) is amended—
(b) Reporting.—Section 520E–3 of the Public Health Service Act (42 U.S.C. 290bb–36c) is amended—
(2) by inserting after subsection (e) the following:
“(f) Cybersecurity reporting.—
“(1) IN GENERAL.—
“(A) IN GENERAL.—The program’s network administrator receiving Federal funding pursuant to subsection (a) shall report to the Assistant Secretary, in a manner that protects personal privacy, consistent with applicable Federal and State privacy laws—
“(B) LOCAL AND REGIONAL CRISIS CENTERS.—Local and regional crisis centers participating in the program shall report to the program’s network administrator identified in subparagraph (A), in a manner that protects personal privacy, consistent with applicable Federal and State privacy laws—
“(2) NOTIFICATION.—If the program’s network administrator receiving funding pursuant to subsection (a) discovers, or is informed by a local or regional crisis center pursuant to paragraph (1)(B) of, a cybersecurity vulnerability or incident, such entity shall immediately report that discovery to the Assistant Secretary.
“(3) CLARIFICATION.—
“(A) OVERSIGHT.—
“(i) LOCAL AND REGIONAL CRISIS CENTER.—Except as provided in clause (ii), local and regional crisis centers participating in the program shall oversee all technology each center employs in the provision of services as a participant in the program.
“(ii) NETWORK ADMINISTRATOR.— The program’s network administrator receiving Federal funding pursuant to subsection (a) shall oversee the technology each crisis center employs in the provision of services as a participant in the program if such oversight responsibilities are established in the applicable network participation agreement.
“(B) SUPPLEMENT, NOT SUPPLANT.—The cybersecurity incident reporting requirements under this subsection shall supplement, and not supplant, cybersecurity incident reporting requirements under other provisions of applicable Federal law that are in effect on the date of the enactment of the 9–8–8 Lifeline Cybersecurity Responsibility Act”..”.
Union Calendar No. 35 | |||||
| |||||
[Report No. 118–52] | |||||
A BILL | |||||
To amend title V of the Public Health Service Act to secure the suicide prevention lifeline from cybersecurity incidents, and for other purposes. | |||||
May 11, 2023 | |||||
Reported with an amendment; committed to the Committee of the Whole House on the State of the Union and ordered to be printed |