Government , Healthcare , Industry Specific

Lawmakers Request 'Urgent' Cyber Briefing With HHS Leaders

Cyberspace Solarium Commission Co-Chairs Send Letter to HHS Calling for More Action
Lawmakers Request 'Urgent' Cyber Briefing With HHS Leaders
Sen. Angus King, I-Maine, and Rep. Mike Gallagher, R-Wisconsin

The co-chairs of Congress' Cyberspace Solarium Commission are requesting a sit-down with Biden administration officials to discuss what they say is a lack of timely sharing of actionable threat information with the healthcare industry.

See Also: OnDemand | National Treasure of Cybersecurity: Guarding Against BEC and Phishing Attacks

In a letter sent Thursday to Health and Human Services Secretary Xavier Becerra, Sen. Angus King, I-Maine, and Rep. Mike Gallagher, R-Wisconsin, say the growing threat requires dramatic improvements within the department Becerra oversees.

Ransomware attacks on the healthcare sector have ballooned in tandem with the ongoing pandemic crisis, especially as criminals recognized that hospitals may pay quickly to resolve issues and protect patient safety. Meanwhile, troves of warehoused personal information make healthcare centers "valuable targets for both criminal and nation-state hackers," the lawmakers say.

More Action Needed

The two lawmakers acknowledge some steps taken by the Biden administration to address healthcare cybersecurity, including a White House-hosted executive forum on healthcare sector cybersecurity held in June (see: Healthcare Cybersecurity: Some Progress, Still Problems).

Still, the duo say they remain concerned "about the lack of robust and timely sharing of actionable threat information with industry partners and the need to dramatically scale up the Department's capabilities and resources."

As part of the briefing, the lawmakers say, they especially are seeking an assessment of:

  • The current organizational structure and roles and responsibilities the department has to support HPH cybersecurity;
  • The current authorities the department has to improve cybersecurity of the HPH sector, as well as the gaps in those authorities and what more might be needed to ensure the department has the authorities it needs;
  • The resources, including personnel and budget, the department requires to serve as an effective sector risk management agency;
  • The interagency coordination structures, successes and challenges of the department's efforts around HPH cybersecurity.

HHS did not immediately respond to Information Security Media Group's request for comment on the lawmakers' letter.

Greg Garcia, executive director of the Health Sector Coordinating Council, says the public-private advisory group appreciates congressional attention on the topic of industry cybersecurity.* "We have been given assurances that each question posed in the letter is being considered and acted on at the highest levels within HHS,” he says.

Garcia says coordinating council is hopeful “an augmented partnership structure between HHS and the sector” can emerge this fall.

“That HHS has the attention and resourcing support of the White House and Congress on this imperative can only help us succeed collaboratively,” he says.

Update Aug. 12, 2022 20:44 UTC: Adds comments from the Health Sector Coordinating Council.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.