Sen. Mark Warner, D-Va, wants federal agency leaders to weigh in on what would make a good cybersecurity strategy for the health care sector.
“The increased use of technology in health care certainly has the potential to improve the quality of patient care, expand access to care (including by extending the range of services through telehealth), and reduce wasteful spending,” Warner said in a statement. “However, the increased use of technology has also left the health care industry more vulnerable to attack.”
Warner penned letters to senior officials at the Food and Drug Administration, Health and Human Services Department, Centers for Medicare and Medicaid Services, and National Institute of Standards and Technology asking for details about their own attempts to engage public and private stakeholders in combating cyberattacks that target the health care industry.
The senator noted that America’s hospital systems, insurance companies and laboratories have been plagued by cyber crimes in recent years and that the nation’s health care economy is “still fraught with vulnerabilities” that put millions of patients at risk. Expanding on the threats, Warner’s letters cite statistics from the Government Accountability Office estimating that more than 113 million patient health care records were stolen in 2015. The senator also referenced a separate study conducted by Accenture the same year, which suggests cyberattacks would cost America more than $305 billion over the course of five years.
“A successful breach of a patient’s health care record often yields information such as social security numbers, home addresses, health histories, and other sensitive records that can be sold or used for identity theft,” Warner wrote. “Additionally, hackers know they can obtain large amounts from ransomware attacks on health care entities that have valuable patient records and sensitive operations impacting patient safety.”
Warner asked the agencies to answer the following questions by March 22:
- To date, what proactive steps has your Department/Agency taken to identify and reduce cybersecurity vulnerabilities in the health care sector?
- How has your Department/Agency worked to establish an effective national strategy to reduce cybersecurity vulnerabilities in the health care sector?
- Has your Department/Agency engaged private sector health care stakeholders to solicit input on successful strategies to reduce cybersecurity vulnerabilities in the health care sector? If so, what has been the result of these efforts?
- Has your Department/Agency worked collaboratively with other federal agencies and stakeholders to establish a federal strategy to reduce cybersecurity vulnerabilities in the health care sector? If so, who has led these efforts and what has been the result?
- Are there specific federal laws and/or regulations that you would recommend Congress consider changing in order to improve your efforts to combat cyberattacks on health care entities?
- Are there additional recommendations you would make in establishing a national strategy to improve cybersecurity in the health care sector?
The move comes less than week after Warner solicited similar insight from a dozen leading health care organizations and is part of the senator’s broader effort to not only determine the scope of risks that presently exist, but to work directly with public and private stakeholders to develop a national strategy to protect the health care sector from cyberattacks and other vulnerabilities in both the near and long term.
“It is my hope that with thoughtful and carefully considered feedback we can develop a national strategy that improves the safety, resilience, and security of our health care industry,” Warner wrote.