Tuesday, two lawmakers sent a letter to the majority staff of the House Committee on Homeland Security requesting hearings on the cybersecurity posture of the nation’s healthcare and lifeline sectors in the wake of the recent worldwide ransomware attacks that brought many hospitals in Europe, especially in the UK, virtually to their knees, endangering lives of patients either in surgery or preparing to go into surgery.
Rep. Cedric L. Richmond (D-LA), ranking member of the Cybersecurity and Infrastructure Protection Subcommittee, and Rep. Donald M. Payne Jr. (D-NJ), ranking member of the Emergency Preparedness, Response and Communications Subcommittee, said in a joint statement that “we have watched as hospitals, utilities, factories, banks and other essential service providers across the globe were crippled by a massive wave of ransomware attacks. Doctors lost access to patient data, medical procedures were cancelled, ambulances had to be re-routed and hospitals were forced to turn people away.”
“Incidents like this,” they wrote, “remind us of the vulnerability of our healthcare system and the interconnectedness of our lifeline sectors. We have seen recent attacks carried out against these ‘lifeline’ entities – including the electrical grid and emergency services providers like 9-1-1 call centers. These events show how little we gain from the President’s hollow command that agencies ‘identify capabilities and authorities’ that ‘could be employed’ to assist our most critical infrastructure.”
“That is why we are calling for a hearing to examine the cybersecurity posture of our health care system and the lifeline sectors that support it,” the lawmakers said in their letter. “The Homeland Security Committee must show that it stands ready to support the Department of Homeland Security and its interagency partners to make sure it has the resources necessary to carry out this crucial mission.”
Richmond and Payne said “we believe it is crucial that our Subcommittees hold a hearing to examine the cybersecurity posture of our healthcare sector, and the security and resilience of emergency services, emergency communications, transportation and energy systems upon which the healthcare sector relies. For these ‘lifeline sector’ systems, a failure or disruption could mean the difference between life and death.”
As Homeland Security Today has repeatedly reported, tabletop, real-time exercises and real world natural disasters have crippled hospitals, EMS, police and other healthcare personnel, showing that natural disasters alone can, and have, brought emergency public health care systems to a grinding halt. A cyber attack specifically targeting widespread public health and preparedness systems – perhaps combined with a terrorist biological attack – could cause a wholesale collapse of the nation’s emergency healthcare system, resulting in untold numbers of deaths, especially as the bio-pathogen spreads uncontrolled during such a scenario. Meanwhile, viral and bacteria-resistant pathogens could also spread without control due to a breakdown in the supply chain and quick depletion of the government’s Strategic National Stockpile.
“For years, the Department of Homeland Security (DHS) has forecast a rise in cyber attacks against law enforcement, fire departments and other providers of emergency services,” the lawmakers pointed out, noting, “We have seen 9-1-1 call centers targeted, including an incident last October when centers in a dozen states were paralyzed by botnet attacks. A few months ago, the Department of Energy (DOE) reported the ‘the US grid faces imminent danger from cyber attacks.’ This is a bold prediction that the Committee on Homeland Security cannot afford to ignore.”
Continuing, the lawmakers stated, “In its sector-specific plan developed pursuant to Presidential Policy Directive 21, Critical Infrastructure Security and Resilience (PPD-21), the Healthcare and Public Health Sector recognizes that it ‘could not function without resources and services provided by many other sectors, in particular, the so-called lifeline functions — transportation, communications, energy and water – as well as emergency services. These sectors provide necessary goods and services that support nearly every home and business across the country, are commonplace in everyday life, and are critical to disaster response and community resilience."
“As such,” Richmond and Payne said,” our committee needs to hear from the health care community, emergency services providers and other lifeline sector representatives to learn what obstacles they face in securing their systems and maintaining continuous operations in the event of a cyber attack. We request that the Subcommittees hold such a hearing promptly.”