$53 Million Cash Injection Proposed to Improve Cybersecurity and Protect COVID-19 Research Data

There is a considerable weight of evidence suggesting nation state hacking groups are targeting organizations involved in COVID-19 research and vaccine development to obtain information to further the research programs in their respective countries.

Security agencies in the United States, Canada and United Kingdom have recently warned that there is strong evidence that state-sponsored hacking groups linked to Russia, China, and Iran are conducting attacks to obtain COVID-19 research data, and earlier this month the U.S. Department of Justice indicted two Chinese nationals for hacking into the networks of U.S. organizations over a 10-year period, with recent hacks conducted to obtain COVID-19 vaccine research data.

Director of CISA, Christopher Krebs confirmed this week that research organizations working on vaccines are vulnerable to attack and that their hardware, software, and services are already under stress due to the increase in teleworking due to the pandemic.  A recent study conducted by BitSight on biomedical companies revealed many have unaddressed vulnerabilities that could be remotely exploited by hackers to gain access to networks and sensitive research data.

In an effort to combat the hackers, Republican Senators have proposed a cash injection of $53 million for the DHS Cybersecurity and Infrastructure Security Agency (CISA) to help remediate vulnerabilities and enhance Federal network security to protect agencies involved in the development of a vaccine for SARS-CoV-2. The new COVID-19 relief legislation was unveiled by the Senate Committee on Appropriations this week, with the funding provided in addition to the $9.1 million granted to CISA under the President Trump’s CARES Act economic stimulus package.

In total, the new relief legislation will make $306 billion available, with a significant proportion of the funding aimed at accelerating testing and vaccine development and ensuring schools can reopen as quickly as possible.

$307.3 million has been proposed for the Department of Energy Office of Science to support COVID-19 research and vaccine development and to help meet IT and cybersecurity needs and $16 billion has been proposed for states to help them with testing, contact tracing, and surveillance.

A group of Democrat Senators, including  Mark Warner, (D-VA), Elizabeth Warren (D-MA), Richard Blumenthal (D-CT), and Kamala Harris (D-CA) wrote to Senate and Concessional leaders urging them to include privacy protections for health data collected in relation to COVID-19. Without appropriate privacy protections, there is concern that many Americans will not engage with contact tracers and efforts to collect valuable data to help with the fight against COVID-19 will be hampered. In the letter, the Senators referenced a survey that indicated 84% of Americans are worried about the collection of health data by the government.  

“Health data is among the most sensitive data imaginable and even before this public health emergency, there has been increasing bipartisan concern with gaps in our nation’s health privacy laws,” wrote the Senators in the letter. “While a comprehensive update of health privacy protections is unrealistic at this time, targeted reforms to protect health data – particularly with clear evidence that a lack of privacy protections has inhibited public participation in screening activities – is both appropriate and necessary.”

In May, the proposed Public Health Emergency Privacy Act included privacy protections to strengthen public trust in screening and contact tracing efforts. The Democrat Senators want those privacy protections to be included in the new COVID-19 relief legislation. “Providing Americans with assurance that their sensitive health data will not be misused will give Americans more confidence to participate in COVID screening efforts, strengthening our common mission in containing and eradicating COVID-19,” wrote the Senators.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.