Bill Sponsor
BILLSPONSOR
Bill Sponsor
Politicians
Bills
Senate Bill 1493
118th Congress(2023-2024)
9–8–8 Lifeline Cybersecurity Responsibility Act
Introduced
Introduced
Introduced in Senate on May 9, 2023
Overview
Text
Introduced in Senate 
May 9, 2023
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
Introduced in Senate(May 9, 2023)
May 9, 2023
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
Jump To
S. 1493 (Introduced-in-Senate)


118th CONGRESS
1st Session
S. 1493


To amend title V of the Public Health Service Act to secure the suicide prevention lifeline from cybersecurity incidents, and for other purposes.

IN THE SENATE OF THE UNITED STATES

May 9, 2023

Ms. Sinema (for herself and Mr. Mullin) introduced the following bill; which was read twice and referred to the Committee on Health, Education, Labor, and Pensions

A BILL

To amend title V of the Public Health Service Act to secure the suicide prevention lifeline from cybersecurity incidents, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “9–8–8 Lifeline Cybersecurity Responsibility Act”.

SEC. 2. Protecting suicide prevention lifeline from cybersecurity incidents.

(a) National suicide prevention lifeline program.—Section 520E–3(b) of the Public Health Service Act (42 U.S.C. 290bb–36c(b)) is amended—

(1) in paragraph (4), by striking “and” at the end;

(2) in paragraph (5), by striking the period at the end and inserting “; and”; and

(3) by adding at the end the following:

“(6) coordinating with the Chief Information Security Officer of the Department of Health and Human Services to take such steps as may be necessary to ensure the program is protected from cybersecurity incidents and eliminates known cybersecurity vulnerabilities.”.

(b) Reporting.—Section 520E–3 of the Public Health Service Act (42 U.S.C. 290bb–36c) is amended—

(1) by redesignating subsection (f) as subsection (g); and

(2) by inserting after subsection (e) the following:

“(f) Cybersecurity reporting.—

“(1) IN GENERAL.—

“(A) IN GENERAL.—The program’s network administrator receiving Federal funding pursuant to subsection (a) shall report to the Assistant Secretary, in a manner that protects personal privacy, consistent with applicable Federal and State privacy laws—

“(i) any identified cybersecurity vulnerabilities to the program within 24 hours of identification of such a vulnerability; and

“(ii) any identified cybersecurity incidents to the program within 24 hours of identification of such incident.

“(B) LOCAL AND REGIONAL CRISIS CENTERS.—Local and regional crisis centers participating in the program shall report to the program’s network administrator identified in subparagraph (A), in a manner that protects personal privacy, consistent with applicable Federal and State privacy laws—

“(i) any identified cybersecurity vulnerabilities to the program within 24 hours of identification of such vulnerability; and

“(ii) any identified cybersecurity incidents to the program within 24 hours of identification of such incident.

“(2) NOTIFICATION.—If the program’s network administrator receiving funding pursuant to subsection (a) discovers, or is informed by a local or regional crisis center pursuant to paragraph (1)(B) of, a cybersecurity vulnerability or incident, within 24 hours of such discovery or receipt of information, such entity shall report the vulnerability or incident to the Assistant Secretary.

“(3) CLARIFICATION.—

“(A) OVERSIGHT.—

“(i) LOCAL AND REGIONAL CRISIS CENTER.—Except as provided in clause (ii), local and regional crisis centers participating in the program shall oversee all technology each center employs in the provision of services as a participant in the program.

“(ii) NETWORK ADMINISTRATOR.— The program’s network administrator receiving Federal funding pursuant to subsection (a) shall oversee the technology each crisis center employs in the provision of services as a participant in the program if such oversight responsibilities are established in the applicable network participation agreement.

“(B) SUPPLEMENT, NOT SUPPLANT.—The cybersecurity incident reporting requirements under this subsection shall supplement, and not supplant, cybersecurity incident reporting requirements under other provisions of applicable Federal law that are in effect on the date of the enactment of the 9–8–8 Lifeline Cybersecurity Responsibility Act”..”.

(c) Study.—Not later than 180 days after the date of the enactment of this Act, the Comptroller General of the United States shall—

(1) conduct and complete a study that evaluates cybersecurity risks and vulnerabilities associated with the 9–8–8 National Suicide Prevention Lifeline; and

(2) submit a report of the findings of such study to the Committee on Energy and Commerce of the House of Representatives and the Committee on Health, Education, Labor, and Pensions of the Senate.