The House Energy and Commerce Committee’s Subcommittee on Oversight and Investigations recently held a hearing assessing the U.S. Department of Health and Human Services’ (HHS) role in cybersecurity in the nation’s healthcare sector.
The goal of the discussion centered on two HHS reports that were submitted to Congress as a requirement of the Cybersecurity Information Sharing Act (CISA), which was signed into law by the Obama Administration in 2015.
The hearing comes in the wake of the ongoing international Wannacry ransomware attacks, which recently infected more than 200,000 computer systems across multiple nations, forcing users to pay the equivalent of $300 in the cryptocurrency, Bitcoin, before users regain access to their files.
“The WannaCry infection was not the first widespread cyber incident, nor will it be the last,” U.S. Rep. Tim Murphy (R-PA), who serves as chairman of the subcommittee, said. “Therefore, a commitment to raising the bar, for all participants in the sector – no matter how large or small, needs to embraced. This is a collective responsibility and HHS has an opportunity to show leadership and to set the tone.”
According to HHS’ written testimony, the department addressed recommendations made from the Health Care Industry Cybersecurity Task Force report, which named six specific goals HHS needed to address to mitigate various cybersecurity threats facing the industry.
The goals include defining and streamlining leadership expectations, increasing security of medical devices and health IT, developing a workforce capacity necessary to ensure awareness, increasing education, identifying ways to protect research and development efforts, and improving information sharing of threats.