CIO: HHS faces 500 million hack attempts per week

By virtue of possessing millions of medical records, the Department of Health and Human Services is a prime and frequent target for attempted cybersecurity intrusions.

According to HHS CIO Beth Killoran's estimation, the department faces "500 million cyber hack attempts each week" and cautioned that already staggering number is only going to swell in the future.

"That's going to go up," she said at the MarkLogic Data Integration Summit June 20. "Because health data is the one thing about you that you can't change, and it's very powerful information, and the value of that data is going to go up."

"We have worked over the past five to 10 years to make sure we are gathering as much data as we possibly can," Killoran said. "At HHS, we have one in three Americans' [personally identifiable information] right now."

While the department has collected so much data and can do so very quickly, due to fixed finances and resources, "one of the current challenges we have is … we're not actually able to effectively put data together for meaningful use," she added.

Killoran said that HHS's priorities in making better use of its collected data are "to make sure we're partnering with industry" to reduce bureaucracy and to "put the tech at the fingertips of our citizens."

Specifically, the department is focusing on ways to increase patients' accessibility to and communication with their physicians by consolidating health information from disparate sources and expanding telehealth practices.

However, Killoran added that HHS must balance these priorities to innovate and increase information sharing with adequate cybersecurity protection of the massive amount of sensitive information the department houses.

"We have a responsibility to make sure that we're protecting citizens' information as they make it public and as they want to use that information to improve their health," she said.

At a June 8 Energy and Commerce Oversight and Investigations Subcommittee hearing, Steve Curren, director of HHS's Division of Resilience within the Office of Emergency Management,  attested to the dangerous implications of cyberattacks in the health care sector.  

"Since 2014, the healthcare sector has been hit with a wave of large healthcare information breaches, compromising the personal information of hundreds of millions of individuals," he testified. "These attacks shifted the threat landscape considerably, as they no longer threatened just personal information but also the ability of healthcare organizations to provide patient care."

To further aid HHS' cyber mission, a June 2017 report from the Health Care Industry Cybersecurity Task Force, comprising 21 health care experts from industry and government, laid out its "imperatives" to improve cybersecurity in the health care sector.

Among the recommendations were for HHS to appoint a single cybersecurity official to coordinate digital security efforts across federal, state and industry partners and for HHS and industry to improve their information sharing on cyber threats.