Cybersecurity

CIO: HHS faces 500 million hack attempts per week

Shutterstock image (by wavebreakmedia): doors opening to a sky of clouds and code. 

By virtue of possessing millions of medical records, the Department of Health and Human Services is a prime and frequent target for attempted cybersecurity intrusions.

According to HHS CIO Beth Killoran's estimation, the department faces "500 million cyber hack attempts each week" and cautioned that already staggering number is only going to swell in the future.

"That's going to go up," she said at the MarkLogic Data Integration Summit June 20. "Because health data is the one thing about you that you can't change, and it's very powerful information, and the value of that data is going to go up."

"We have worked over the past five to 10 years to make sure we are gathering as much data as we possibly can," Killoran said. "At HHS, we have one in three Americans' [personally identifiable information] right now."

While the department has collected so much data and can do so very quickly, due to fixed finances and resources, "one of the current challenges we have is … we're not actually able to effectively put data together for meaningful use," she added.

Killoran said that HHS's priorities in making better use of its collected data are "to make sure we're partnering with industry" to reduce bureaucracy and to "put the tech at the fingertips of our citizens."

Specifically, the department is focusing on ways to increase patients' accessibility to and communication with their physicians by consolidating health information from disparate sources and expanding telehealth practices.

However, Killoran added that HHS must balance these priorities to innovate and increase information sharing with adequate cybersecurity protection of the massive amount of sensitive information the department houses.

"We have a responsibility to make sure that we're protecting citizens' information as they make it public and as they want to use that information to improve their health," she said.

At a June 8 Energy and Commerce Oversight and Investigations Subcommittee hearing, Steve Curren, director of HHS's Division of Resilience within the Office of Emergency Management,  attested to the dangerous implications of cyberattacks in the health care sector.  

"Since 2014, the healthcare sector has been hit with a wave of large healthcare information breaches, compromising the personal information of hundreds of millions of individuals," he testified. "These attacks shifted the threat landscape considerably, as they no longer threatened just personal information but also the ability of healthcare organizations to provide patient care."

To further aid HHS' cyber mission, a June 2017 report from the Health Care Industry Cybersecurity Task Force, comprising 21 health care experts from industry and government, laid out its "imperatives" to improve cybersecurity in the health care sector.

Among the recommendations were for HHS to appoint a single cybersecurity official to coordinate digital security efforts across federal, state and industry partners and for HHS and industry to improve their information sharing on cyber threats.

About the Author

Chase Gunter is a former FCW staff writer.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.