A June 6 article in Bloomberg Law’s Health Law & Life Sciences News, “Feds Get Dinged for Subpar Health-Care Cybersecurity,” discussed a letter that was recently released by members of the House Energy and Commerce Committee and the Senate Health, Education, Labor, and Pensions Committee. The letter asked the U.S. Department of Health and Human Services (HHS) to update its cybersecurity plans and provide guidance on how it will coordinate efforts among various agencies. Day Pitney’s Eric Fader was quoted in the article.According to the letter, HHS’s Healthcare Cybersecurity and Communications Integration Center (HCCIC) was supposed to be operational last June, but committee staff couldn’t determine whether the center still exists, what responsibilities it has, or who’s running it. Eric told Bloomberg Law that the HCCIC appears to be more aspirational than reality-based at this point, since two senior HHS officials responsible for the center’s operations were reassigned in September 2017.
“A bipartisan, bicameral letter questioning whether HHS’s collaboration and analysis center for cybersecurity actually exists, or what it’s doing if it does technically exist, is remarkable and alarming,” Eric said. He suggested that the letter should serve as a wake-up call to HHS Secretary Alex Azar that the agency’s attention to health-care cybersecurity needs immediate improvement.