Homeland Security and Governmental Affairs Committee
This legislation, known as the Healthcare Cybersecurity Act of 2025, seeks to significantly enhance the cybersecurity posture of the Healthcare and Public Health Sector. It addresses the growing threat of malicious cyberattacks, which have led to substantial data breaches, increased healthcare costs, and adverse impacts on patient health outcomes, as highlighted by recent findings of Congress. A core provision establishes a formal coordination mechanism between the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS). This includes the appointment of a dedicated CISA liaison to HHS, tasked with facilitating threat information sharing, supporting the sector's risk management plan, and coordinating incident response. CISA is also directed to provide essential cybersecurity training to owners and operators of healthcare assets, covering risks and mitigation strategies. Furthermore, the bill mandates that HHS, in coordination with CISA, update the Healthcare and Public Health Sector-specific Risk Management Plan within one year. This updated plan must analyze cyber risks, evaluate challenges faced by healthcare entities in securing systems and medical devices, assess workforce shortages, and recommend best practices for utilizing CISA resources. The Secretary of HHS may also establish criteria to identify and list high-risk covered assets, enabling prioritized resource allocation to bolster their cyber resilience. Importantly, the bill specifies that no additional funds are authorized for its implementation.