HAP's Latest News

Federal Lawmakers Press Government Agency on Cybersecurity Capabilities

October 12, 2020

As the COVID-19 pandemic continues to force many Americans to conduct increasingly larger portions of their business online, cybersecurity remains a top concern for government officials and consumers, alike. This is especially true for health care providers and institutions, and the patients they serve.

A bipartisan group of members of the U.S. House Energy & Commerce Committee recently penned a letter to the U.S. Department of Health and Human Services (HHS) Government Accountability Office (GAO), requesting information related to its ability to protect patient data in the event of a cybersecurity breach.

The letter—signed by Chairman Frank Pallone (D-NJ), ranking member Greg Walden (R-OR), as well as Representatives Diana DeGette (D-CO) and Brett Guthrie (R-KY)—was sent amid a long-term oversight of HHS’ and related agencies’ abilities to prevent cybersecurity breaches, and to protect sensitive data if a breach does occur.

Citing a March 2020 cyberattack on HHS, the committee members requested that GAO assess HHS’ abilities to respond to potential cybersecurity-related issues, including “assessing the agency’s forensic threat intelligence data infrastructure used in responding to major or significant incidents involving persistent threats and data breaches.”

The committee members noted that “[t]he Chief Information Security Officer at HHS recently acknowledged that the ongoing COVID-19 public health crisis has placed a new target on HHS, and malicious actors have boosted their efforts to infiltrate the agency and access sensitive data.”

The American Hospital Association (AHA) has made significant investments in being a resource to the national hospital community on cybersecurity, and keeps the hospital community abreast of critical information and relevant notices from agencies including the FBI, Department of Homeland Security, HHS; and cybersecurity collaboratives. Building on the AHA’s efforts, HAP’s emergency management team works with hospitals to share best practices and ransomware patches, and limit their exposure to cybersecurity risks.

October is Cybersecurity Awareness Month. Earlier this month, the Wolf Administration reminded all Pennsylvanians to take proactive steps to protect themselves online

For more information, contact Scott Mickalonis, HAP’s vice president, emergency management or Jason Tomashunas, HAP’s manager, emergency management.