Consumer Electronics Daily was a Warren News publication.

Cyber Risks, Ransomware Rising Threats to Health Sector, HHS Officials to Testify Thursday

Cybersecurity, including prevention of data breaches and ransomware threats, has become a top priority for the Department of Health and Human Services, officials plan to tell the House Commerce's Subcommittee on Oversight and Investigations at a hearing Thursday. Emery Csulak, chief information security officer with the Centers for Medicare and Medicaid Services; Steve Curren, director-division of resilience within HHS' Office of Emergency Management; and HHS Chief Information Officer Leo Scanlon jointly submitted prepared testimony. Since 2014, the healthcare and public health sector has been hit with breaches, with a rise in ransomware attacks last year, they will tell lawmakers. "These attacks shifted the threat landscape considerably, as they no longer threatened just personal information but also the ability of health care organizations to provide patient care." Partnerships across HHS, government and private sectors helped provide expertise to fight the threat, they plan to say. In response to the WannaCry ransomware attack (see 1705180032, 1705160038, 1705160008 and 1705150008), which hit hospitals in the U.K. (see 1705120055), HHS worked with the Department of Homeland Security's National Cybersecurity and Communications Integration Center to develop an "immediate response" to help the healthcare sector's security experts respond to and report the WannaCry intrusions, they say. This was the first time HHS organized itself to respond to a cybersecurity incident, setting a standard, they say. Working groups and initiatives are underway to improve cybersecurity across the department and health sector, according to the testimony, citing HHS' Healthcare Cybersecurity Communications Integration Center aimed at improving collaboration among entities and strengthen reporting and threat awareness. The center helped coordinate the WannaCry response, the officials say. On May 11, a government-driven healthcare industry cybersecurity task force released a report with recommendations on improving protections across agencies, the HHS officials note. Recommendations include that improvements are needed in the security and resilience of medical devices and health IT, healthcare workers and industry need to be more aware of cybersecurity and make it a priority, and there should be greater information sharing.