Health Subcommittee Ranking Member Gene Green (D-TX) delivered the following statement today at a Health Subcommittee Hearing on “Examining Cybersecurity Responsibilities at HHS."
Cybersecurity represents a current and growing threat as our economy and everyday lives become more digitized.
From the 2014 breach of the Office of Personnel Management and high-profile private sector breaches of companies like Target, JP Morgan Chase, and Anthem, we are too frequently reminded of how vulnerable we are to security incidents involving personally identifiable information.
An unauthorized breach of personal information is particularly concerning when it is sensitive information about our health.
As with the private sector, information technology security management remains a challenge for all federal agencies.
The principle law concerning the federal government’s information security program is the Federal Information Security Management Act (FISMA)
The 2002 law requires agencies to provide information security protections for IT systems and information collected or maintained by agencies “consummate with the risk and magnitude of harm" that could result from unauthorized access or disruption.
Recognizing the importance of cybersecurity and vulnerabilities of HHS, Congress enacted the Cybersecurity Information Sharing Act (CISA) as part of the Consolidated Appropriations Act in December 2015.
CISA required the Secretary of HHS to review and report a plan for addressing cybersecurity threats and designate a clear official who is responsible for leading and coordinating efforts within HHS and the health care industry.
The law also established the Health Care Industry Cybersecurity Task Force.
Members were recently appointed to the task force and will deliver the finalized report by March of 2017.
We should let HHS carry out the provisions outlined in CISA.
I am a bit surprised by my colleagues’ decision to have a hearing today on H.R. 5068, the HHS Data Protection Act.
This legislation was recently introduced by Representatives Billy Long and Doris Matsui, and I thank them for their leadership on this issue.
Unfortunately, the last-minute timing of this hearing made it impossible for the Administration to testify.
Having HHS’ perspective would have greatly enhanced our evaluation of current cybersecurity improvement efforts and of the legislation, since HHS would be the carrying out the organizational reform proposed in H.R. 5068.
Again, cybersecurity remains an issue, and today is an opportunity to further the conversation.
I look forward to hearing from our witnesses about what the private sector is doing to enhance cybersecurity, including both defensive and offensive capabilities.
Thank you and I yield 2 minutes to my colleague from California, Congresswoman Doris Matsui.
