S 1007
9–8–8 Lifeline Cybersecurity Responsibility Act
Take action
Record your position on this measure.
Sign in to record your position, submit testimony, or contact your legislator.
Sign in to take action- Introduced
- Passed Senate
- Passed House
- To President
- Became Law
Bill overview
This bill, the 9–8–8 Lifeline Cybersecurity Responsibility Act, aims to protect the 988 Suicide & Crisis Lifeline from cybersecurity threats. It requires SAMHSA to coordinate with the Department of Health and Human Services’ Chief Information Security Officer to address vulnerabilities and incidents. The bill also establishes reporting requirements for the lifeline’s network administrator and participating crisis centers, mandating that they report cybersecurity vulnerabilities and incidents to SAMHSA within 24 hours. Finally, it directs the Government Accountability Office to conduct a study on cybersecurity risks associated with the lifeline.
Key provisions
- Requires SAMHSA to coordinate with the Department of Health and Human Services’ Chief Information Security Officer.
- Establishes 24-hour reporting requirements for cybersecurity vulnerabilities and incidents for the lifeline’s network administrator and participating crisis centers.
- Mandates reporting to the Assistant Secretary regarding identified vulnerabilities and incidents.
- Directs the Government Accountability Office to conduct a study on cybersecurity risks to the 988 Lifeline.
- Requires local and regional crisis centers to oversee technology used in service provision.
- Specifies that cybersecurity reporting supplements, not supplants, other existing federal reporting requirements.
Who is affected
- Substance Abuse and Mental Health Services Administration (SAMHSA)
- 988 Suicide & Crisis Lifeline users
- Local and regional crisis centers
- Department of Health and Human Services
Sponsors
Official sponsors from legislative records.
Primary sponsor
Cosponsor
Arguments in favor
Reasons to support this legislation.
No arguments in favor have been submitted.
Submit yoursArguments opposed
Reasons to oppose this legislation.
No arguments opposed have been submitted.
Submit yoursRead the latest version inline or switch to a previous version.
119th CONGRESS — 1st Session
S. 1007
IN THE SENATE OF THE UNITED STATES
A BILL
To amend title V of the Public Health Service Act to secure the suicide prevention lifeline from cybersecurity incidents, and for other purposes.
This Act may be cited as the 9–8–8 Lifeline Cybersecurity Responsibility Act
.
Section 520E–3(b) of the Public Health Service Act (42 U.S.C. 290bb–36c(b)) is amended—
in paragraph (4), by striking and
at the end;
in paragraph (5), by striking the period at the end and inserting ; and
; and
by adding at the end the following:
Section 520E–3 of the Public Health Service Act (42 U.S.C. 290bb–36c) is amended—
by redesignating subsection (f) as subsection (g); and
by inserting after subsection (e) the following:
The program’s network administrator receiving Federal funding pursuant to subsection (a) shall report to the Assistant Secretary, in a manner that protects personal privacy, consistent with applicable Federal and State privacy laws—
Local and regional crisis centers participating in the program shall report to the program’s network administrator described in subparagraph (A), in a manner that protects personal privacy, consistent with applicable Federal and State privacy laws—
any identified cybersecurity vulnerabilities to the program within 24 hours of identification of such vulnerability; and
The cybersecurity incident reporting requirements under this subsection shall supplement, and not supplant, cybersecurity incident reporting requirements under other provisions of applicable Federal law that are in effect on the date of the enactment of the
9–8–8 Lifeline Cybersecurity Responsibility Act
.submit a report of the findings of such study to the Committee on Energy and Commerce of the House of Representatives and the Committee on Health, Education, Labor, and Pensions of the Senate.