WASHINGTON DC- Rep. Mike Gallagher (R-WI) and Senator Angus King (I-ME), co-chairs of the Cyberspace Solarium Commission (CSC), urge the Biden administration to better protect the public health sector (HPH) from cyber threats . In letter to Secretary of Health and Human Services (HHS), Becerra, King and Gallagher highlight rapid rise in number of cyberattacks targeting healthcare, call for stronger collaborative action to address threat increasing and require an urgent briefing from the administration on their current situation. posture.
In part, lawmakers wrote, “The COVID-19 pandemic has exposed systemic challenges facing the healthcare and public health (HPH) sector…For those of us working on national cyber-resilience issues, COVID- 19 was accompanied by another epidemic – that of ransomware. Ransomware attacks against the HPS industry have skyrocketed over the past two years as opportunistic criminals have recognized that hospitals can pay quickly to fix problems and protect patient safety… So, we’re asking your office a briefing on the status of efforts to strengthen the department’s capacity as the sector’s risk management agency and to operationalize collaboration with organizations across the sector.
The CSC co-chairs are asking the administration to urgently brief them on several key details of the healthcare cyberposture, including:
- The current organizational structure and roles and responsibilities that HHS employs to support HPH cybersecurity;
- The current HHS authorities need to improve the cybersecurity of the HPH sector as well as the shortcomings of these authorities;
- The resources—including staff and budget—that HHS needs to serve as an effective industry risk management agency;
- Interagency coordination structures, successes, and challenges used to support HHS efforts and HPH cybersecurity efforts.
As co-chairs of the Cyberspace Solarium Commission (CSC), Senator King and Representative Gallagher are recognized as two of Congress’ leading cyber defense experts and are strong advocates of forward-thinking cyber strategy that emphasizes on multi-level cyber deterrence. Since he officially launched in April 2019, dozens of CSC recommendations have been enacted into lawincluding the creation of a National Cyber Director.
You can read the full letter HERE and below:
Dear Secretary Becerra,
The COVID-19 pandemic has revealed systemic challenges faced by health and public health sector (HPH). Early shortages of personal protective equipment highlighted the challenges of supply chains dependent on opposing foreign nations. The demands placed on healthcare workers have exacerbated workforce challenges, especially in underserved and rural communities. For those of us working on national cyber-resilience issues, COVID-19 has brought with it another epidemic – that of ransomware.
Ransomware attacks against the HPS industry have exploded over the past two years as opportunistic criminals recognize that hospitals can pay quickly to fix problems and protect patient safety. Meanwhile, troves of personally identifiable information and personal health information make industry organizations valuable targets for criminal and domestic hackers.
In this context, we were encouraged to see the White House hosting an executive forum on healthcare cybersecurity and the recognition by your department and other participants of the importance of improving the cybersecurity of this vital sector of critical infrastructure. . We also appreciate the FDA’s focus on medical device cybersecurity and the growing ability of the Department’s Critical Infrastructure Protection Division and the Healthcare Industry Cybersecurity Coordination Center (HC3) to explain cyber threats. through a sectoral perspective.
We remain concerned, however, about the lack of robust and timely sharing of actionable threat intelligence with industry partners and the need to significantly increase the Department’s capabilities and resources. With the exponential growth of cyber threats, we must prioritize addressing cybersecurity gaps in the HPS sector.
As former Co-Chairs of the Cyberspace Solarium Commission and authors of the Sector Risk Management Agency (SRMA) legislation currently in effect, we recognize the important partnership between the executive and legislative branches to properly organize and fund the public-private collaboration to protect against cyber threats. Thus, we seek a briefing from your office on the status of efforts to build the department’s capacity as an SRMA and to operationalize collaboration with organizations across the sector.
As part of this briefing, we would appreciate an assessment of:
- the current organizational structure and roles and responsibilities that HHS employs to support HPH’s cybersecurity and serve as the SRMA for all of HPH. including intra-departmental coordination (for example, how the Strategic Preparedness and Response Administration serves as SRMA coordinates with the Chief Information Officer who leads HC3);
- current HHS authorities need to improve the cybersecurity of the HPH sector as well as gaps in those authorities and what might be needed to ensure that HHS has the authorities it needs;
- the resources – including staff and budget – that HHS needs to serve as an effective sector risk management agency;
- interagency coordination structures, successes and challenges used to support HHS efforts and HPH cybersecurity efforts.
We and our colleagues can only perform effective monitoring if we understand the challenges that your department and the HPS sector are facing. As such, as part of the briefing, I would welcome an unclassified threat briefing from your office on cybersecurity risks to this most vital critical infrastructure sector.
Thank you for your attention to this important issue. I look forward to working with you to improve the cybersecurity of the health and public health sector and, by extension, to make our nation more resilient in cyberspace.