The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

$53 Million Cash Injection Proposed to Improve Cybersecurity and Protect COVID-19 Research Data

Posted By on Jul 30, 2020

There is a considerable weight of evidence suggesting nation state hacking groups are targeting organizations involved in COVID-19 research and vaccine development to obtain information to further the research programs in their respective countries.

Security agencies in the United States, Canada and United Kingdom have recently warned that there is strong evidence that state-sponsored hacking groups linked to Russia, China, and Iran are conducting attacks to obtain COVID-19 research data, and earlier this month the U.S. Department of Justice indicted two Chinese nationals for hacking into the networks of U.S. organizations over a 10-year period, with recent hacks conducted to obtain COVID-19 vaccine research data.

Director of CISA, Christopher Krebs confirmed this week that research organizations working on vaccines are vulnerable to attack and that their hardware, software, and services are already under stress due to the increase in teleworking due to the pandemic.  A recent study conducted by BitSight on biomedical companies revealed many have unaddressed vulnerabilities that could be remotely exploited by hackers to gain access to networks and sensitive research data.

In an effort to combat the hackers, Republican Senators have proposed a cash injection of $53 million for the DHS Cybersecurity and Infrastructure Security Agency (CISA) to help remediate vulnerabilities and enhance Federal network security to protect agencies involved in the development of a vaccine for SARS-CoV-2. The new COVID-19 relief legislation was unveiled by the Senate Committee on Appropriations this week, with the funding provided in addition to the $9.1 million granted to CISA under the President Trump’s CARES Act economic stimulus package.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

In total, the new relief legislation will make $306 billion available, with a significant proportion of the funding aimed at accelerating testing and vaccine development and ensuring schools can reopen as quickly as possible.

$307.3 million has been proposed for the Department of Energy Office of Science to support COVID-19 research and vaccine development and to help meet IT and cybersecurity needs and $16 billion has been proposed for states to help them with testing, contact tracing, and surveillance.

A group of Democrat Senators, including  Mark Warner, (D-VA), Elizabeth Warren (D-MA), Richard Blumenthal (D-CT), and Kamala Harris (D-CA) wrote to Senate and Concessional leaders urging them to include privacy protections for health data collected in relation to COVID-19. Without appropriate privacy protections, there is concern that many Americans will not engage with contact tracers and efforts to collect valuable data to help with the fight against COVID-19 will be hampered. In the letter, the Senators referenced a survey that indicated 84% of Americans are worried about the collection of health data by the government.  

“Health data is among the most sensitive data imaginable and even before this public health emergency, there has been increasing bipartisan concern with gaps in our nation’s health privacy laws,” wrote the Senators in the letter. “While a comprehensive update of health privacy protections is unrealistic at this time, targeted reforms to protect health data – particularly with clear evidence that a lack of privacy protections has inhibited public participation in screening activities – is both appropriate and necessary.”

In May, the proposed Public Health Emergency Privacy Act included privacy protections to strengthen public trust in screening and contact tracing efforts. The Democrat Senators want those privacy protections to be included in the new COVID-19 relief legislation. “Providing Americans with assurance that their sensitive health data will not be misused will give Americans more confidence to participate in COVID screening efforts, strengthening our common mission in containing and eradicating COVID-19,” wrote the Senators.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist