Healthcare Information Security

Cybersecurity News

Senator Taps FDA, HHS, CMS, NIST for Healthcare Cybersecurity Insights

Just a few days after asking healthcare industry stakeholders like HIMSS for feedback on improving cybersecurity, Sen. Mark Warner took his health security push to the federal level.

federal healthcare cybersecurity efforts

By Jessica Davis

- Sen. Mark Warner, D-Virginia, is stepping up his push to bolster cybersecurity in the healthcare sector, calling on the Food and Drug Administration, the Department of Health and Human Services, and other federal agencies to provide insight on the government’s efforts to reduce vulnerabilities in healthcare.

NIST and the Centers for Medicare and Medicaid Services were also asked to provide feedback.

The letter was sent just four days after Warner called on some of the industry’s largest stakeholders, like HIMSS, the American Medical Association, and others, to help develop a short- and long-term plan to reduce healthcare’s cybersecurity flaws.

On Monday, Warner took his fight to the federal level and asked for insight into just how these agencies are tackling healthcare’s security challenges, specifically asking for strategic recommendations and details on the federal measures in place that are meant to shore up these threats.

The letters come in response to the increased number of patient records breached in the sector, as well the continued threat of hacking and other security challenges. Healthcare has continued to struggle to adopt strong security tools and policies, often due to a lack of resources and staffing shortages.

Further, a 2017 Trend Micro report showed 100,000 healthcare devices and systems, like EHRs and medical devices, were directly exposed to the internet, Warner explained.

“The sensitive nature of medical information makes the healthcare industry a lucrative target for criminals seeking to profit from personally identifiable information,” Warner wrote. “Medical records often contain private information, including a patient’s social security number, address, and health history.”

“When stolen, this information can be used to conduct identity theft,” he continued. “The importance of continued availability of health data also makes health care organizations lucrative targets for ransomware attacks.”

As a result, he’d like to work with these agencies to develop strategies to strengthen information security. Warner asked the groups to provide feedback on these areas: how their organization identifies and reduces vulnerabilities, how they’ve worked to establish an effective national cybersecurity strategy, and how they engage with industry stakeholders to reduce those flaws and any results.

Warner also asked for recommendations on whether there were any laws and regulations that could be changed to improve cybersecurity efforts in healthcare, as well as recommendations on just how to establish a national cybersecurity challenge.

In the last year, federal and state regulators, as well as Congress, have moved toward bolstering national cybersecurity and privacy efforts. On Tuesday, House members will meet to address a potential national privacy policy, while state attorneys generals have also worked to both crack down on breached organizations and address privacy and security concerns.

Just this week, New York Governor Andrew Cuomo ordered an investigation into Facebook’s health data practices, while California introduced legislation that would mandate organizations notify individuals when biometrics or passport information was breached.

Currently, North Carolina, Illinois, and other states are considering bolstering privacy and security regulations.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...