Sen. Gary Peters, D-Mich., urged the White House to strengthen cybersecurity defenses for the U.S. healthcare system amid concerns of cyberattacks intended to steal COVID-19 treatment and vaccine research.
In his letter to President Trump, Sen. Peters cites another letter he sent the White House on May 12 urging them to take action to ward off cyberattacks. He also highlights a July 16 advisory from the United States, United Kingdom, and Canada which stated that the Russian Government has also been targeting the U.S. healthcare system, in search of COVID-19 vaccine development and testing data. Additionally, Sen. Peters mentioned a Nov. 13 alert from Microsoft that warned of hacking groups connected to the Russian and North Korean governments targeting COVID-19 vaccine and treatment researchers in Canada, France, India, South Korea, and the United States.
“I am angered by these government-sponsored cyber-attacks and your lack of action to deter them over the past months,” Sen. Peters wrote. “And now you’ve decided to fire the Director of the Cybersecurity and Infrastructure Security Agency (CISA), the Deputy Director of CISA, and the CISA Assistant Director for Cybersecurity. CISA, with the Department of Defense, is responsible for the cybersecurity of your own Operation Warp Speed to develop a COVID-19 vaccine and you’ve removed its top three cybersecurity leaders.”
Sen. Peters continued to say that he does have “full confidence in the dedicated workforce at CISA to continue to execute their mission despite your actions.” However, he argues that the firings at CISA “invites attacks from our adversaries based on a perception of instability.”
He says, “this is not about keeping COVID-19 vaccine research for Americans alone, it is about ensuring that the institutions performing this research are not experiencing intrusions onto their systems that could disrupt or destroy this research … These hackers put the lives of Americans at risk.”
Sen. Peters detailed four measures the White House should take to protect the U.S. healthcare system from further cyberattacks:
- “Directing CISA and [U.S. Cyber Command] to continue to prioritize cybersecurity support to hospitals and medical research institutions, including providing risk and vulnerability assessments and sharing cyber threat intelligence information with those organizations.
- Utilizing all levers of national power – diplomatic, military, economic, and law enforcement – to deter adversary governments from any attacks against the U.S. healthcare system and make clear that any attack on our medical systems will be treated as a significant threat to our country.
- Increasing cybersecurity funding as part of future COVID-19 funding requests to Congress for hospitals, medical and research institutions.
- Directing Secretary [of Health and Human Services (HHS) Alex] Azar to prioritize HHS information technology appropriations towards improvements in cybersecurity, and encouraging the Secretary to work with [the Government Accountability Office] and the HHS Inspector General to improve its cybersecurity posture.”