Government , Healthcare , Industry Specific
Lawmakers Request 'Urgent' Cyber Briefing With HHS LeadersCyberspace Solarium Commission Co-Chairs Send Letter to HHS Calling for More Action
The co-chairs of Congress' Cyberspace Solarium Commission are requesting a sit-down with Biden administration officials to discuss what they say is a lack of timely sharing of actionable threat information with the healthcare industry.
See Also: Passwords: BioTech and Pharma Both Need a New Path
In a letter sent Thursday to Health and Human Services Secretary Xavier Becerra, Sen. Angus King, I-Maine, and Rep. Mike Gallagher, R-Wisconsin, say the growing threat requires dramatic improvements within the department Becerra oversees.
Ransomware attacks on the healthcare sector have ballooned in tandem with the ongoing pandemic crisis, especially as criminals recognized that hospitals may pay quickly to resolve issues and protect patient safety. Meanwhile, troves of warehoused personal information make healthcare centers "valuable targets for both criminal and nation-state hackers," the lawmakers say.
More Action Needed
The two lawmakers acknowledge some steps taken by the Biden administration to address healthcare cybersecurity, including a White House-hosted executive forum on healthcare sector cybersecurity held in June (see: Healthcare Cybersecurity: Some Progress, Still Problems).
Still, the duo say they remain concerned "about the lack of robust and timely sharing of actionable threat information with industry partners and the need to dramatically scale up the Department's capabilities and resources."
As part of the briefing, the lawmakers say, they especially are seeking an assessment of:
- The current organizational structure and roles and responsibilities the department has to support HPH cybersecurity;
- The current authorities the department has to improve cybersecurity of the HPH sector, as well as the gaps in those authorities and what more might be needed to ensure the department has the authorities it needs;
- The resources, including personnel and budget, the department requires to serve as an effective sector risk management agency;
- The interagency coordination structures, successes and challenges of the department's efforts around HPH cybersecurity.
HHS did not immediately respond to Information Security Media Group's request for comment on the lawmakers' letter.
Greg Garcia, executive director of the Health Sector Coordinating Council, says the public-private advisory group appreciates congressional attention on the topic of industry cybersecurity.* "We have been given assurances that each question posed in the letter is being considered and acted on at the highest levels within HHS,” he says.
Garcia says coordinating council is hopeful “an augmented partnership structure between HHS and the sector” can emerge this fall.
“That HHS has the attention and resourcing support of the White House and Congress on this imperative can only help us succeed collaboratively,” he says.
Update Aug. 12, 2022 20:44 UTC: Adds comments from the Health Sector Coordinating Council.