Maggie Amato
See the following -
Sidelined HHS Deputy Chief Information Security Officer blasts agency, claims cybersecurity center 'decimated'
After being abruptly placed on admin leave, Leo Scanlon opens up about his 150-day leave, “dirty politics,” and what it means for the future of the HCCIC cybersecurity initiative...HHS’ HCCIC had overwhelming support from Congress and industry leaders when it launched as part of a partnership with the National Health Information Sharing and Analysis Center (NH-ISAC). It was designed to take a leadership role facilitating threat intelligence and other cybersecurity related information sharing and, in fact, played a pivotal role in fighting the global WannaCry attack in June of 2017.
- Login to post comments
A Bureaucratic Mess Leads to Shutdown of HHS Cybersecurity Center
In May 2017, the Department of Health and Human Services decided to stand up its own version of the Department of Homeland Security’s National Cybersecurity and Communications Integration Center in order to address the increasing cybersecurity risks to the health care sector. But creating the Health Cybersecurity and Communications Integration Center, or HCCIC, was the easy part. Soon after, the newfound center landed in the spotlight, sparking agency and industry drama about the role and scope of HHS authorities in information sharing.
- Login to post comments
Congress Stepping in After Reorganizations, Leadership Vacuum Leave HHS Cybersecurity Center's Fate Unclear
The Health and Human Services Department doesn’t want to talk about its Health Cybersecurity and Communications Integration Center. And that’s no surprise, since it doesn’t seem to know what to do with it, and no one who was responsible for standing it up is involved with it anymore. Lawmakers from the House Committee on Energy and Commerce and the Senate committee on Health, Education, Labor and Pensions sent a letter on June 5 to HHS Secretary Alex Azar pointing out some significant omissions in the department’s Cybersecurity Threat Preparedness Report, which the department is required to submit to Congress. The report is supposed to detail HHS’ responsibilities and preparedness to deal with cyber threats in health care.
- Login to post comments
HHS cybersecurity center so unstable staff don't know if it exists, Congress argues
The Senate HELP and House Energy and Committees are highly concerned about the U.S. Department of Health and Human Services’ cybersecurity plan, preparedness and the lack of leadership of its Healthcare Cybersecurity and Communications Integration Center -- and is demanding answers from HHS Secretary Alex Azar. The bipartisan letter to Azar outlines a laundry list of issues at HHS when it comes to its security plan. Among them, includes the temporary reassignment of two senior HCCIC officials in charge of the day-to-day operations.
- Login to post comments
HHS Emergency Update 2 - International Cyber Threat to Healthcare Organizations
[The HHS Office of the Assistant Secretary for Preparedness and Response] held our sector call today with over 1800 participants. The information below is responsive to several requests for information noted on the call. In addition, we would like to flag for the community that a partner noted an exploitative social engineering activity whereby an individual called a hospital claiming to be from Microsoft and offering support if given access to their servers. It is likely that malicious actors will try and take advantage of the current situation in similar ways. Additionally, we received anecdotal notices of medical device ransomware infection. Please note the directions below.
- Login to post comments
HHS’ Cyber Threat Center Comes Out of Beta Soon
The Health and Human Services Department’s nascent cybersecurity center will soon reach initial operating capability to help share threat information with a sector constantly under attack and often short of cyber personnel of its own. Based on the Homeland Security Department's National Cybersecurity and Communications Integration Center, the Healthcare Cybersecurity Communications and Integration Center will share health-care specific threats information with other agencies and the private sector...
- Login to post comments
Securing Health Data Means Going Well Beyond HIPAA
A two-decade-old law designed to protect patients’ privacy may be preventing health care organizations from doing more to protect vulnerable health care data from theft or abuse. The Health Insurance Portability and Accountability Act (HIPAA) established strict rules for how health data can be stored and shared. But in making health care providers vigilant about privacy protection, HIPAA may inadvertently distract providers from focusing on something just as important: overall information security...
- Login to post comments