Lawmakers Request ‘Urgent’ Cyber Briefing With HHS Leaders
Cyberspace Solarium Commission Co-Chairs Send Letter to HHS Calling for More Action
Link to interview:
Marianne Kolbasuk McGee (HealthInfoSec) • August 12, 2022
The co-chairs of Congress’ Cyberspace Solarium Commission are requesting a sit-down with Biden administration officials to discuss what they say is a lack of timely sharing of actionable threat information with the healthcare industry.
In a letter sent Thursday to Health and Human Services Secretary Xavier Becerra, Sen. Angus King, I-Maine, and Rep. Mike Gallagher, R-Wisconsin, say the growing threat requires dramatic improvements within the department Becerra oversees.
Ransomware attacks on the healthcare sector have ballooned in tandem with the ongoing pandemic crisis, especially as criminals recognized that hospitals may pay quickly to resolve issues and protect patient safety. Meanwhile, troves of warehoused personal information make healthcare centers “valuable targets for both criminal and nation-state hackers,” the lawmakers say.
More Action Needed
The two lawmakers acknowledge some steps taken by the Biden administration to address healthcare cybersecurity, including a White House-hosted executive forum on healthcare sector cybersecurity held in June (see: Healthcare Cybersecurity: Some Progress, Still Problems).
Still, the duo say they remain concerned “about the lack of robust and timely sharing of actionable threat information with industry partners and the need to dramatically scale up the Department’s capabilities and resources.”
As part of the briefing, the lawmakers say, they especially are seeking an assessment of:
- The current organizational structure and roles and responsibilities the department has to support HPH cybersecurity;
- The current authorities the department has to improve cybersecurity of the HPH sector, as well as the gaps in those authorities and what more might be needed to ensure the department has the authorities it needs;
- The resources, including personnel and budget, the department requires to serve as an effective sector risk management agency;
- The interagency coordination structures, successes and challenges of the department’s efforts around HPH cybersecurity.
HHS did not immediately respond to Information Security Media Group’s request for comment on the lawmakers’ letter.
Greg Garcia, executive director of the Health Sector Coordinating Council, says the public-private advisory group appreciates congressional attention on the topic of industry cybersecurity.* “We have been given assurances that each question posed in the letter is being considered and acted on at the highest levels within HHS,” he says.
Garcia says coordinating council is hopeful “an augmented partnership structure between HHS and the sector” can emerge this fall.
“That HHS has the attention and resourcing support of the White House and Congress on this imperative can only help us succeed collaboratively,” he says.
- Related Resources & News
- Leveraging ISO 81001-5-1 Amid Medical Device Procurement
- Mitigating risk as healthcare supply chain attacks prevail
- Enhancing Cybersecurity in Rural Hospitals
- Health-ISAC Hacking Healthcare 11-15-2024
- Cyber Incident Response: Playbook for Medical Product Makers
- Feds Warn of Godzilla Webshell Threats to Health Sector
- Trump’s Return: Impact on Health Sector Cyber, HIPAA Regs
- Health-ISAC Hacking Healthcare 11-7-2024
- Protecting the Healthcare Supply Chain Against Russian Ransomware Attacks
- All hospitals should be concerned about cyberattacks. Here’s why