Recently, a number of hospital computer systems have been hacked, with the hackers demanding a ransom. Wichita-based Kansas Heart Hospital is one of the hospitals that decided to pay the “small” ransom after the hackers locked files, a decision that the FBI does not recommend.
This latest cyber-attack occurred just one week prior to the Subcommittee on Health examining the cybersecurity efforts and responsibilities at the Department of Health and Human Services (“HHS”). The hearing, held on May 25th, also examined H.R. 5068, the HHS Data Protection Act, bipartisan legislation that would establish the Office of the Chief Information Security Officer (“CISO”) within HHS.
During the hearing, Chairman Joseph Pitts stated that “It seems a major part of the problem is the organizational structure in place at HHS that puts information security second to information operations.” His statement was prompted by the recent investigation by the Energy and Commerce Subcommittee on Oversight and Investigations into information security at the US Food and Drug Administration, which determined that serious weaknesses existed in the overall information security programs in HHS.
After hearing all of the testimony, full committee Chairman Fred Upton concluded that the HHS Data Protection Act addresses the problem the oversight committee identified.