HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Cyberspace Solarium Commission Co-Chairs Call for HHS to Improve Threat Information Sharing with HPH Sector

Senator Angus S. King Jr. (I-ME) and Congressman Mike Gallagher (R-WI), Co-Chairs of the Cyberspace Solarium Commission, have written to HHS Secretary, Xavier Becerra, to voice their concerns about the lack of sharing of actionable threat information with industry partners to help the health and public health sector (HPH) address current cybersecurity gaps.

In the letter, the lawmakers explained that the COVID-19 pandemic revealed some of the systemic challenges facing the HPH sector, and during that time when healthcare workers were dealing with exacerbated workforce challenges, cybercriminals and nation-state threat actors targeted the HPH sector and ransomware attacks skyrocketed.

They suggest cyber threat actors recognized that the HPH sector was more likely than other victims to pay the ransom demands to protect patient safety and the large amounts of sensitive patient data stored by healthcare providers have made them targets for criminals and nation-state hackers. The lawmakers praised the efforts the White House and the HHS have put into improving cybersecurity in the HPH sector but are concerned about “The lack of robust and timely sharing of actionable threat information with industry partners.” They suggest there is a need to dramatically scale up the Department’s capabilities and resources due to the exponential growth of cyber threats, and that it is essential to prioritize addressing the HPH sector’s cybersecurity gaps.

King and Gallagher have requested a briefing from the Secretary of the HHS to share the status of the department’s efforts to strengthen its capabilities and operationalize collaboration with organizations throughout the HPH sector and say it is only possible to conduct effective oversight if they understand the challenges that the HHS and the HPH sector are facing.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Specifically, they have requested

  • Information on the current organizational structure, roles, and responsibilities that the HHS employs to support HPH cybersecurity and serve as the Sector Risk Management Agency (SRMA) for the entire HPH.
  • The current authorities the HHS has to improve the cybersecurity of the HPH sector
  • The resources, including personnel and budget, the HHS requires to serve as an effective SRMA
  • The interagency coordination structures utilized to support the HHS’s efforts and the cybersecurity efforts of the HPH sector, the successes achieved, and the challenges faced.

The lawmakers have also requested an unclassified threat briefing from the HHS on current cybersecurity risks to the HPH sector.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.