written by
Senator Mark WarnerD-VA, Thursday criticized the Department of Health and Human Services (HHS) and cybersecurity and infrastructure security agencies (CISA) This is due to the lack of cybersecurity coordination during the past two years, when cyberattacks on the healthcare sector have surged.
and policy options paper Warner, which announced Thursday, called on agencies to provide more timely healthcare sector-specific cybersecurity guidance. Lawmakers also advocated appointing a new cybersecurity officer to HHS. This person reports directly to the Secretary of Health.
2021, cyber security attack More than 45 million people will be affected by such attacks in 2021, according to one study, and the number of healthcare providers has reached an all-time high. 32% increase 2020+.
“Staff hears from industry experts about the lack of coordination between HHS (as SRMA) and CISA, the U.S. government leader in ensuring the integrity of cybersecurity in commercial and infrastructure networks. is.” Warner Policy Paper said. “Stakeholders are sharing regardless of who is in charge, and would welcome an increase in timely, actionable, healthcare-specific cybersecurity guidance, so to speak.”
The white paper also notes that various agencies within HHS, including agencies such as the Centers for Medicare and Medicaid Services and the Food and Drug Administration (FDA), have varying degrees of experience and priorities when it comes to addressing cybersecurity challenges. It says there is
According to policy documents, the healthcare sector is particularly vulnerable to cyberattacks due to its reliance on legacy technology and software, its wide and diverse attack surface, high-pressure environment, financial constraints, and otherwise outdated thinking. says there is. t view cybersecurity as a primary concern;
Personal health information is also more valuable on the black market than other sensitive data such as credit card information, as hackers can sell stolen medical records anywhere. $10 to $1,000 per record, highlights of the paper. As such, the healthcare industry has the highest cost per breach of any industry, according to IBM’s Annual Data Breach Costs. report.
To reduce cyberattacks on the industry and increase vigilance, Warner’s white paper urges HHS to appoint a new senior leader within the agency who reports directly to the Secretary of Health and Human Services. cyber security,” the paper said.
“Those in this role have both operational and political authority to ensure that HHS speaks with one voice on cybersecurity in healthcare, including the expectations of external stakeholders and the role of government. This person must also effectively partner with other agencies to advance these goals and advocate for HHS to have the necessary resources to succeed,” the policy paper said. said.
Senator Warner’s staff declined to comment when asked for more information about the timing of his strong criticism of HHS and details about the lack of coordination with HHS.
HHS did not respond to a request for comment at the time of publication of this document.