
Alexander: Cyber Attack at MedStar Health Shows Need for HHS to Implement Cybersecurity Law “with the Urgency Patients and Hospitals Deserve”


Senate health committee provision in cybersecurity law would ensure HHS gives hospitals clear information on ways to prevent hackings, put someone at agency on flagpole for response to cyber attacks

“Congress has passed a law to help keep hospitals and patients safe from these malicious attacks … Yesterday’s attack, which, unfortunately, is not unique, shows the need for HHS to implement the law with the urgency patients and hospitals deserve.”

WASHINGTON, D.C., March 29 – The chairman of the Senate health committee said yesterday’s hacking of MedStar Health shows the need for the U.S. Department of Health and Human Services (HHS) to implement cybersecurity legislation passed by Congress “with the urgency patients and hospitals deserve.”

“The consequences of cyber attacks like yesterday’s hacking at MedStar Health can be catastrophic for America’s patients—imagine, an attack leaving doctors unable to access crucial information in a patient’s health history or delaying a surgery for hours on end,” Chairman Lamar Alexander (R-Tenn.) said today. “Congress has passed a law to help keep hospitals and patients safe from these malicious attacks – calling for Health and Human Services to give hospitals and doctors clear information on the best ways to prevent a hack in the first place and putting someone at the agency on the flagpole if a cyber attack occurs. Yesterday’s attack, which, unfortunately, is not unique, shows the need for HHS to implement the law with the urgency patients and hospitals deserve.”

The attack on MedStar Health forced the hospital chain, which serves hundreds of thousands of patients, to shut down its email and health records database in an effort to keep the virus from spreading further throughout the organization. Yesterday’s incident follows similar cyber attacks targeting at least three other medical institutions in recent weeks.

Last year, the Senate health committee authored a provision, which passed as part of the Cybersecurity Information Sharing Act of 2015, that would help protect the health care industry from cyber attacks by:

  • Charging HHS and its subdivisions with naming an official who is responsible for leading the agency’s cybersecurity efforts—to coordinate response and so health organizations will know who is in charge of offering guidance and support;
  • Requesting that the agency issue a report on emerging cyber threats in the health care industry, so both the agency and the American public have an accurate picture of the impact of these attacks;
  • Creating a task force of health industry leaders and cybersecurity experts to identify the biggest challenges in securing against cyber threats and recommend specific solutions to the agency;
  • Charging the task force to create a central resource to distribute cyber intelligence from the federal government to health care organizations in near real time, so they can rapidly respond to active threats; and
  • Instructing HHS to create a series of best practices for health industry leaders to follow—on a voluntary basis—to help them keep their organization’s data as secure as possible. 

 

# # #
