Cybersecurity

Reps press HHS on ransomware

Rep. Ted Lieu (D-Calif.) and Rep. Will Hurd (R-Texas)

Reps. Ted Lieu (D-Calif.) and Will Hurd (R-Texas) want a light regulatory approach to disclosures following ransomware attacks against health care systems.

Ransomware attacks can shut down hospitals and health care systems by locking out providers' access to records. The Department of Health and Human Services is preparing guidance on how institutions should respond to such attacks and notify patients whose records are compromised.

Two Capitol Hill IT leaders, Rep. Will Hurd (R-Texas) and Rep. Ted Lieu (D-Calif.), are urging HHS leaders to think of ransomware as different from other types of cyberattacks.

In a June 27 letter to Deven McGraw, deputy director for health information privacy at HHS, the lawmakers wrote that ransomware hackers aren't after data. Instead, they're usually seeking cash.

Therefore, ransomware isn't typically a threat to data privacy but could harm patients by locking providers out at potentially crucial times, they wrote.

Hurd and Lieu said it might be necessary to notify patients if such a safety issue arises. However, notification only makes sense when ransomware results in denial of access to an electronic medical record and/or a loss of functionality to deliver medical services.

Mandating that institutions offer credit monitoring to patients might also prove to be an unnecessary expense, they added.

They said they would like to see guidance that "aggressively requires" notification of HHS federal cybersecurity authorities in the event of a breach.

They also urged HHS to make it clear that deleting or modifying a patient record during a cyberattack constitutes a breach under existing law.

They said ransomware is a bit of a chameleon because it typically executes itself from a bad email message or other file sent to a provider and then locks servers, storage devices, applications and files, disabling access to health records.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


Featured

  • Budget
    Stock photo ID: 134176955 By Richard Cavalleri

    House passes stopgap spending bill

    The current appropriations bills are set to expire on Oct. 1; the bill now goes to the Senate where it is expected to pass.

  • Defense
    concept image of radio communication (DARPA)

    What to look for in DOD's coming spectrum strategy

    Interoperability, integration and JADC2 are likely to figure into an updated electromagnetic spectrum strategy expected soon from the Department of Defense.

Stay Connected