Bipartisan House bill would designate cybersecurity chief for HHS
Reps. Billy Long, R-Missouri, and Doris Matsui, D-California, introduced a bill Wednesday that would allow the Department of Health and Human Services to restructure its cybersecurity personnel and allow the secretary to assign a single officer focused on cybersecurity.
Currently, HHS’ chief of security reports to its chief information officer. The CIO reports to the assistant secretary for administration.
In 2015, the U.S. House Committee on Energy and Commerce sought to change that structure, by placing the CISO and CIO on equal ground.
It recommended HHS reorganize its structure to move the CISO under General Counsel -- and the same level as the CIO, citing “systemic weaknesses in the traditional CIO-CISO organizational structure.”
Such a move would address issues with the current structure that keep the CISO from equal footing with the CIO.
The proposed bill would also require HHS to develop and submit a cybersecurity plan that describes how the agency intends to protect internal data and software from compromise and how it will assist other organizations within the healthcare system.
Further, HHS would have to show how it plans to differentiate those two roles.
“Patients deserve to know that their medical information is safe, and hospitals, manufacturers and insurance companies that handle patient data need guidance to ensure they are following best practices,” said Matsui.
“This bill builds on the legislation Congressman Long and I introduced last Congress, further encouraging HHS to implement the appropriate internal infrastructure that will ensure the agency is prepared to lead the healthcare industry in cybersecurity,” she added
This is not the first congressional bill to zero-in on HHS’ infrastructure.
After the WannaCry attacks, a House Science subcommittee expressed concern that the agency’s plan to form a Health Cybersecurity and Communications Integration Center would be redundant, as the Department of Homeland Security already has a similar hub in place.