House bill would shake up HHS cyber offices

Two lawmakers are reviving a bid to improve cybersecurity at the Department of Health and Human Services by shaking up the organization.

Reps. Billy Long (R-Mo.) and Doris Matsui (D-Calif.) introduced the HHS Cybersecurity Modernization Act to bolster the department’s cybersecurity by reorganizing cybersecurity personnel and improving coordination between HHS offices.

In June, HHS CIO Beth Killoran estimated the department faces 500 million attempted cyber breaches each week, and a June 2017 report from the Health Care Industry Cybersecurity Task Force, comprising 21 health care experts from industry and government, made a series of recommendations for HHS to improve cybersecurity in the health care sector.

Specifically, the bill would require the department to develop a plan for how HHS offices that have regulatory authority to address health care cybersecurity will coordinate their response efforts to cybersecurity threats.

Long and Matsui offered similar legislation in 2016.

The bill also directs HHS to differentiate between its role in securing its departmental information systems and providing cyber defense information and assistance to the health care sector.

The plan HHS submits also would include the health care-related cyber challenges the department faces, and how it proposes to carry out its roles as both a regulator and a sector-specific agency charged with working with industry to protect critical infrastructure.

Among the recommendations made by the task force were for HHS to appoint a single cybersecurity official to coordinate digital security efforts across federal, state and industry partners and for HHS and industry to improve their information sharing on cyber threats.

The bill, Long said in a statement, "works to increase collaboration between HHS and the health care sector to ensure the protection of Americans’ sensitive personal data."