R-La at the start of Wednesday's Senate hearing on cybersecurity in the healthcare sector. Senator Bill Cassidy of the group spent some time pleading lawmakers and witnesses to focus on the topic at hand.
Cassidy, chair of the Senate's Health, Education, Labor and Pensions Committee, is member Bernie Sanders, I-Vt. , or the attempt by ranking witnesses to guide hearing in that direction was a “distraction,” and at one point Louisiana Republican accused Sanders of spreading “half-truth.”
“It's about cybersecurity,” Cassidy said. “I'm so grateful to those who actually talked about cybersecurity (all) and I'm really grateful.”
However, during the hearing, multiple witnesses warned that the Republican law would have a devastating impact on cybersecurity and basic services in the healthcare sector, which is already plagued by digital threats. Others have denounced what they see as a general pullback from the federal government in supporting healthcare and healthcare cybersecurity under the Trump administration.
Some witnesses have drawn disastrous funding drawings for rural and local hospitals that can only be worsened as a reduction in GOP. This calls for an overall cut in federal government-wide cybersecurity spending of $1.23 billion, along with President Trump's budget proposals that include hundreds of millions of dollars for Medicaid and other healthcare programs.
Robert Weissman, co-president of the nonprofit government's accountability group Public Citizen, said cuts to Medicaid and other programs would “put pressure on rural and other agencies that do not have the cybersecurity utmost.”
Cyber is often a lot of priorities when healthcare budgets get tighter, according to Linda Stevenson, chief information officer at Fisher Cheusas Medical Center in Ohio.
The majority of small healthcare providers are already open in Red and Stephenson, who also double as Chief Information Security Officers at Fisher Titus. Many organizations say they don't have the money to hire even basic cybersecurity staff or provide competitive salaries.
“We compete for talent with much larger and better resource organizations across the country,” she said. “When hospitals face budget constraints due to stagnant payment rates, they are often forced to re-expend, direct limited resources towards immediate operational needs and move them away from long-term spending such as cybersecurity.”
Other groups, such as the American Hospital Association, say that Cut “promotes uncompensated care for hospitals and health systems that affect their ability to serve all patients,” but forced hospitals to reduce staffing and other critical services to the bone.
Beyond healthcare cuts, some witnesses have appealed to lawmakers for the return of federal groups such as the Critical Infrastructure Partnership Advisory Committee (CIPAC). The Council was one of many DHS advisory agencies and was immediately cancelled by the Trump administration shortly after taking office.
Greg Garcia, executive director of the Coordination Council for Healthcare and Public Health, said the Trump administration's decision to disband CIPAC “for reasons that are perplexed by us” left federal stakeholders in many of these conversations about how providers can counter bad actors in cyberspace.
“We are the owners and operators of the private sector of the health system and it is our responsibility to ensure that it is security and resilience, but the government should be at the table with us,” Garcia said.
The healthcare industry continues to deal with fallout from Healthcare Hack Change last year. The biggest hack in healthcare history ultimately affected more than 190 million personal data, delaying healthcare payments and causing disruption to services in the US
One thing Hack demonstrates is that IT and change providers are so widely dependent in the healthcare sector that disruption can cause widespread downstream impacts on hospitals and healthcare providers. It also highlighted the number of different streams from health data companies such as Healthcare Collect and Process Change.
Sen. Maggie Hassan (DN.H.) noted that some of the Huck victims were not notified by healthcare changes that the data had been affected until a year after the incident.
Garcia had no insight into why the company had been waiting so long to notify some victims, but he and several other witnesses pointed out the dizzying constellations of third-party provider hospitals.
Finally, Garcia said his organization is mapping the entire healthcare sector to see where utilities like other critical services and changes that could become “chokepoints,” as well as “prioritizing critical infrastructure entities and federal support.”
Written by Derek B. Johnson
Derek B. Johnson is a Cybercoup reporter, and his beat includes cybersecurity, elections and the federal government. Previously, since 2017, it has provided award-winning coverage of cybersecurity news in the public and private sectors for a variety of publications. Derek holds a bachelor's degree in print journalism from Hofstra University in New York and a master's degree in public policy from George Mason University, Virginia.
