A letter has been sent by Angus S. King Jr. (I-ME) and Congressman Mike Gallagher (R-WI), Co-Chairs of the Cyberspace Solarium Commission to the Department of Health and Human Services’ Secretary Xavier Beccerra expressing concerns regarding the public health sector’s cybersecurity. In the letter, the lawmakers emphasize the significant rise in cyberattacks aimed at the healthcare industry, call for more concerted effort to confront the growing danger, and request the government for an urgent update on the issue.
King and Gallagher detail how the COVID-19 pandemic exposed several systemic issues within the healthcare sector, particularly the shortage of resources. However, the lawmakers also highlight the increase in ransomware attacks. They explain how opportunistic cybercriminals were able to take advantage of the healthcare sector as they recognized that hospitals were more likely to pay ransoms to resolve patient data security issues as soon as possible. In the letter, King and Gallagher applauded the work that the government had done to enhance cybersecurity in the healthcare sector. This includes hosting an executive forum on healthcare cybersecurity and the FDA’s placing more attention on medical device cybersecurity.
Despite this, King and Gallagher contend that there is still cause for concern. They state “about the lack of robust and timely sharing of actionable threat information with industry partners and the need to dramatically scale up the Department’s capabilities and resources”. The lawmakers believe that the Department’s resources must be considerably increased in light of the exponential rise in cyberthreats and argue that the necessity to place the healthcare sector’s cybersecurity vulnerabilities as a top priority.
King and Gallagher expressly asked for an evaluation of the current organizational structure, roles, and duties that HHS uses to promote healthcare cybersecurity. As a result, the evaluation will demonstrate vulnerabilities in the Department of Health and Human Services’ authorities. The Co-Chairs have also questioned the HHS on the interagency coordination frameworks, achievements, and difficulties associated with assisting the HHS’ cybersecurity initiatives.
“We and our colleagues can only conduct effective oversight if we understand the challenges that your department and the HPH sector are facing”, stated the lawmakers. “As such, as part of the briefing, I would welcome an unclassified threat briefing from your office on the cybersecurity risks to this most vital critical infrastructure sector.