The House Subcommittee on Health held a hearing on Wednesday examining cybersecurity efforts and responsibilities at the Department of Health and Human Services (HHS).
The hearing examined the HHS Data Protection Act, H.R. 5068, which amends the Public Health Service Act to establish the Office of the Chief Information Security Officer (CISO) within HHS. The bill was authored by committee members U.S. Reps. Billy Long (R-MO) and Doris Matsui (R-CA).
The bill stems from a committee investigation conducted earlier this year that identified serious weaknesses in the information security programs at HHS. The report pointed to the subordination of information security to information operations as a result of the organizational structure in place at HHS with regard to its chief information officer (CIO) and CISO.
“As a result of an investigation conducted by the Energy and Commerce Subcommittee on Oversight and Investigations to examine information security at the U.S. Food and Drug Administration, it was determined that serious weaknesses existed in the overall information security programs at the U.S. Department of Health and Human Services (HHS),” U.S. Rep. Joseph Pitts (R-PA), chairman of the committee, said. “It seems a major part of the problem is the organizational structure in place at HHS that puts information security second to information operations.”