WASHINGTON, DC - The Subcommittee on Oversight and Investigations, chaired by Rep. Tim Murphy (R-PA), today held a hearing examining the Department of Health and Human Services’ (HHS) role in cybersecurity efforts within the health care sector.
Discussed during the hearing were two reports that HHS was required to submit to Congress, following the implementation of the Cybersecurity Information Sharing Act (CISA), which became law in 2015. The reports outline the department’s internal cybersecurity processes and industry recommendations for what the federal government and industry can do to improve cybersecurity efforts in the health care sector.
#SubOversight Chairman Murphy kicked off the hearing by referencing the recent ‘WannaCry’ infection that crippled thousands of computers in hundreds of countries.
“The WannaCry infection was not the first widespread cyber incident, nor will it be the last," said Chairman Murphy. “Therefore, a commitment to raising the bar, for all participants in the sector - no matter how large or small, needs to embraced. This is a collective responsibility and HHS has an opportunity to show leadership and to set the tone."
Full committee Chairman Greg Walden (R-OR) stated, “As the opportunities for attackers proliferate, the potential consequences of their actions are becoming more severe. As more products, services, and industries become connected to the digital world, we must acknowledge that the threat is no longer just data and information - it is public health and safety."
In HHS’ written testimony, the agency addressed the recent release of the Health Care Industry Cybersecurity Task Force report, and highlighted six goals from the 21-person group, 17 of which are from private sector organizations.
According to HHS’ testimony, those goals are to: define and streamline leadership and expectations, increase security of medical devices and health IT, develop a workforce capacity necessary to ensure awareness, increase education, identify ways to protect R&D efforts and intellectual property, and improve information sharing of threats.
See Also
* Examining the Role of the Department of Health and Human Services in Health Care Cybersecurity
