Cyberspace Solarium Commission Co-Chairs Asks HHS to Enhance Threat Data Sharing with HPH Industry

Congressman Mike Gallagher (R-WI) and Senator Angus S. King Jr. (I-ME), Co-Chairs of the Cyberspace Solarium Commission, wrote to Secretary Xavier Becerra of HHS, to express their fears regarding the insufficiency of disclosing actionable threat data with industry associates to aid the health and public health sector (HPH) deal with present cybersecurity issues.

The lawmakers mentioned in the letter that the COVID-19 pandemic showed a number of the systemic problems confronting the HPH sector, and at that time when healthcare personnel was coping with amplified workforce problems, cybercriminals and nation-state threat actors attacked the HPH industry and ransomware attacks exploded.

They say cyber threat actors found that the HPH industry was more likely to give ransom payments to maintain patient privacy and the big volumes of sensitive patient information are kept by healthcare suppliers making them appealing targets for scammers and nation-state attackers. The lawmakers lauded the work of the White House and the HHS on bettering cybersecurity in the HPH industry yet are worried about the deficiency of solid and timely disclosure of actionable threat data with industry associates. They mentioned it is necessary to considerably increase the Department’s abilities and resources because of the exponential increase of cyber threats, and that it is necessary to prioritize dealing with the HPH sector’s cybersecurity issues.

King and Gallagher have asked for the HHS Secretary’s briefing to talk about the standing of the department’s attempts to reinforce its capabilities and operationalize ventures with companies throughout the HPH industry. That is only feasible to perform effective oversight when they know the problems that the HHS and the HPH industry are dealing with.

Particularly, they have asked for data about the present organizational framework, roles, and duties that the HHS uses to help HPH cybersecurity and work as the Sector Risk Management Agency (SRMA) for the whole HPH.

  • The present authorities – the HHS needs to boost the cybersecurity of the HPH industry
  • The resources, such as employees and budget – the HHS needs to be an efficient SRMA
  • The interagency coordination structures employed to help the HHS’s efforts and the cybersecurity work of the HPH industry, the achievements reached, and the challenges encountered.

The lawmakers have additionally asked for an unclassified threat report from the HHS on present cybersecurity threats to the HPH industry.