Written by Jeff Stone
A vocal senator on U.S. cybersecurity matters wrote on Monday to four government agencies, seeking more information about how they are working to mitigate cyber risk in the health care sector.
Sen. Mark Warner, D-Va., asked the agencies how they were working to resolve apparent security vulnerabilities and urged them to provide strategic recommendations on how to fend off attacks in the medical sector. Warner’s office wrote to the Food and Drug Administration, the Department of Health and Human Services, the Centers for Medicare and Medicaid Services and National Institute of Standards and Technology.
The letter comes amid ongoing scrutiny over an apparent lack of security at many health care organizations. Hackers have haunted the industry for years, leveraging medical devices to steal valuable personal information or launch highly publicized ransomware attacks.
The senator last week asked a number of health care organizations how the federal government can more effectively help rectify security issues.
“The increased use of technology in health care certainly has the potential to improve the quality of patient care, expand access to care (including by extending the range of services through telehealth), and reduce wasteful spending,” Warner said in a statement.
“However, the increased use of technology has also left the health care industry more vulnerable to attack. As we welcome the benefits of health care technology we must also ensure we are effectively protecting patient information and the essential operations of our health care entities.”
Warner asked departments and agencies if they have worked collaboratively with private sector companies to reduce security vulnerabilities in the industry, whether they would recommend specific changes to laws or regulations to improve security and four other questions.
Digital vulnerabilities in the health care sector have resulted in the exposure of health information belonging to many millions of Americans.
The University of Washington Medicine said in a statement last week it discovered data about roughly 974,000 patients was available online for weeks, and that administrators only learned of the breach after a patient search themselves on Google to find sensitive data. That breach came nearly four years after health insurer Anthem reported that hackers had gained access to information about roughly 80 million customers in what since has become a watershed moment for the industry.