WASHINGTON (CN) — If there is any upside to last week’s hack of D.C. Health Link, which may have included a cache of personal information linked to members of Congress, Senator Gary Peters suggested that it is the possibility of it lighting a fire for more aggressive legislative action on cybersecurity issues.
“I have seen, just over the last few years, that the amount of attention that my colleagues have paid to cybersecurity has increased,” Peters told Courthouse News on the sidelines of a hearing Thursday at the Senate Homeland Security and Governmental Affairs Committee, which he chairs.
“We've been able to pass significant cyber legislation, normally on a unanimous basis,” the Michigan Democrat said. “So, when you see an incident, like what occurred last week, it normally continues to motivate folks in a way that they want to take action.”
The municipal authority that runs Washington’s online health insurance marketplace known as D.C. Health Link said Friday that more than 56,000 people had personal identifying information stolen in the March 8 cyberattack, and that 11,000 or so of those victims include members of Congress as well as congressional relatives and employees.
In his role as a committee chair, Peters said he has yet to receive a briefing on the status of Congress’ investigation into the breach — but he expects to get such an update soon.
The House Administration Committee, which is working alongside the U.S. Capitol Police and other authorities to conduct the inquiry, has said that it could take weeks to arrive at a conclusion.
In the meantime, the senator emphasized some of the legislative options already on the table to tackle cybersecurity issues. “There are a number of bills that we are working on, particularly after the president put out his cybersecurity framework," he said.
The Biden administration on March 2 unveiled its revamped cybersecurity strategy, aimed at, among other things, defending critical infrastructure from cyberattacks and investing in cybersecurity research and development to increase system resiliency.
Meanwhile Thursday, the Senate’s homeland security panel heard from a panel of experts on the cybersecurity threats posed by malicious actors on the U.S. health care network.
“We live in a world where healthcare is highly digital and highly connected, making us vulnerable,” said Scott Dresen, chief information security officer at Michigan-based hospital network Corewell Health. “Media reports of cyberattacks, data breaches and unintended exposure of sensitive data underscores the vulnerability of health care systems to these disruptive incidents, and the impact to our patients and members.”
Rural hospitals are particularly susceptible to these threats, said Kate Pierce, a senior virtual information security officer at healthcare security provider Fortified Health Security.
“Our rural hospitals are facing unprecedented budget constraints with up to 30% or more in the red,” Pierce said. “These small hospitals struggle to employ and retain skilled cybersecurity professionals.”
Cyberattacks at rural hospitals are also uniquely dangerous because these more isolated communities often lack a variety of health care options, Pierce added. If a breach at a rural hospital affects its ability to care for patients, people seeking medical help have few places to turn.
Pierce and Dresen agreed that Congress should provide incentives to health care networks that make cybersecurity technology and infrastructure more affordable. “We cannot leave our small and rural hospitals behind,” Pierce said. “Funding opportunities must be made available to these hospitals.”
Lawmakers should also work to reduce penalties for health care networks that fall victim to cyberattacks and other data breaches, Dresen said. “We understand and support the legislative intent to encourage adoption of best practices and the implementation of appropriate protections to safeguard our data,” he reasoned. “However, penalizing victims of cyberattacks when defensive measures can't keep up with the sophistication of hackers is not a fair approach.”
Read the Top 8
Sign up for the Top 8, a roundup of the day's top stories delivered directly to your inbox Monday through Friday.