A bipartisan group of U.S. Senators and U.S. Representatives penned a joint letter June 5 to HHS Secretary Alex Azar raising concern about the agency's troubled cybersecurity center.
The signatories wrote the letter in response to HHS' Cyber Threat Preparedness Report, which was released in April. The lawmakers noted the report lacked information regarding the Healthcare Cybersecurity and Communications Integration Center, an initiative HHS first announced in April 2017, but has been stalled since at least November.
Chris Wlaschin, former chief information security officer at HHS, indicated in April 2017 HCCIC would open two months later in June 2017, and serve as a collaborative information analysis center for the healthcare industry, similar to the U.S. Department of Homeland Security's National Cybersecurity and Communications Integration Center.
"Few additional details were provided, offering little clarity on how the HCCIC would fit into the larger healthcare cybersecurity picture ... raising concerns that the HCCIC could duplicate work by entities such as the NCCIC or National Health-Information Sharing and Analysis Center," the letter reads.
In September 2017, HHS temporarily reassigned two senior officials responsible for the day-to-day operation of the HCCIC to unrelated duties in response to various ethics allegations. The removal of these senior officials has contributed to the confusion surrounding the status of the HCCIC, according to the letter.
"Stakeholders have informed our staffs that they no longer understand whether the HCCIC still exists, who is running it or what capabilities and responsibilities it has," the lawmakers wrote, noting HHS has provided only vague responses to requests for clarification on these issues.
To address the issues, the lawmakers suggested HHS develop an updated Cyber Threat Preparedness Report with a detailed explanation of the HCCIC, its responsibilities, how its operations intersect with existing cybersecurity information sharing centers and how it fits into HHS' broader cybersecurity capabilities.
To access the Congressional leaders' letter, click here.