Media Report: HHS Cybersecurity Initiative Stalled Due to Contracting Investigation | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Media Report: HHS Cybersecurity Initiative Stalled Due to Contracting Investigation

November 14, 2017
by Heather Landi
| Reprints
Click To View Gallery

A healthcare-specific cybersecurity communication center within the U.S. Department of Health and Human Services (HHS) is now at the center of an investigation into contracting irregularities and possible fraud allegations, according to a report by Politico.

The Healthcare Cybersecurity Communications Integration Center (HCCIC), which went live at the end of June, was established to protect the nation’s healthcare system from cyber attack. HCCIC focuses its efforts on analyzing and disseminating cyberthreats across the healthcare industry in real time.

According to an article written by Politico’s Darius Tahir, the fledgling HHS initiative has been “paralyzed” by the removal of its top two officials. Leo Scanlon, deputy chief information security officer at HHS, who ran the HCCIC, was put on administrative leave in September and his deputy, Maggie Amato, left the government, Tahir wrote.

“An HHS official says the agency is investigating irregularities and possible fraud in contracts they signed,” Tahir wrote. “The two executives, Leo Scanlon and Maggie Amato, allege they were targeted by disgruntled government employees and private-sector companies worried the cyber center would take away some of their business.”

According to Tahir’s reporting, the top officials’ departures have put the center’s work on hold and left many healthcare officials worried about its fate, and at a time when the healthcare industry is facing evolving, persistent cyber attacks.

HHS officials touted the center’s success in light of the WannaCry ransomware attack back in March, in which the U.S. healthcare system saw minimal impact. On March 12, a cyber attack using the WannaCry ransomware virus spread quickly across the globe, infecting hundreds of thousands of devices in a dozen countries in a matter of hours. Computer systems at 40 National Health System (NHS) hospitals in the United Kingdom were infected, which forced many of those hospitals to reduce services, cancel certain operations and turn away all but emergency patients.

As previously reported by Healthcare Informatics, during a House Energy and Commerce Oversight subcommittee hearing in June, Scanlon reported that HCCIC played an integral role in HHS’ coordinated response to the WannaCry incident, although the center wasn’t fully set up yet. “In the recent WannaCry mobilization, HCCIC analysts provided early warning about the impact to health care. This was first time a cyber attack was the focus of a mobilization,” he testified.

Scanlon testified during that hearing that when the WannaCry attack began and throughout the following days HHS took a central role in coordinating government resources and expertise, compiling and distributing relevant information, and generally serving as a hub for both public-and private-sector response efforts.

Politico’s Tahir reports that problems arose after a series of anonymous letters alleged that Scanlon and Amato had improper relations with contractors. “One July 4 letter asserted that companies received contracts with HHS after providing the two officials with free dinners and tours of California wineries, including a hot air balloon ride,” Tahir wrote.

Politico also reported that the HHS Office of the Inspector General confirmed that it opened an investigation after receiving an anonymous letter.

Tahir further reports, “Scanlon and Amato dispute the allegations, and filed reports detailing their alleged mistreatment with Congress. They also spoke on the record with POLITICO. In their version of events, they acknowledged meeting with contractors in Northern California but said the tours and meals were done on their own time at their own expense.”

The Politico story also states that HHS insists that the cyber center’s work is proceeding, with officials detailed from elsewhere at HHS and the federal government, and a search is underway to replace Scanlon and Amato.

 

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Class Action Lawsuit Claims eClinicalWorks Deficiencies Led to Inaccurate Medical Records

A class action lawsuit filed Thursday in the U.S. District Court in the Southern District of New York alleges that electronic health records vendor eClinicalWorks failed “millions of patients by failing to maintain the integrity of patients’ records.”

HHS Secretary Names Three Members to HIT Advisory Committee

The U.S. Department of Health and Human Services (HHS) Acting Secretary Eric D. Hargan named three members to the Health Information Technology Advisory Committee (HITAC), established by the 21st Century Cures Act.

Survey Gauges Health System Preparedness for Quality Payment Program

A new survey indicates that most healthcare organizations are relying on EHRs and population health management solutions for quality performance management. However, survey respondents also report low satisfaction with these solutions, which puts organizations at risk of falling short of their goals for maximizing payment incentives.

House Committee Examining Personnel and Organizational Changes at HHS Cybersecurity Center

The House Committee on Energy and Commerce is examining whether the U.S. Department of Health and Human Services (HHS) retaliated against two key HHS cybersecurity officials and whether those actions weakened the federal agency’s role in responding to healthcare cybersecurity incidents.

Large Physician Group Joins Michigan’s Growing Statewide HIE Network

Oakland Physician Network Services (OPNS) has joined the Michigan Health Information Network Shared Services (MiHIN), a statewide health information network that continues to grow with now its 13th health information exchange qualified organization.

Survey Indicates Major Jump in Telemedicine Adoption in Past Three Years

A new survey shows broad acceptance of telemedicine services among health care executives and providers compared to just three years ago as 76 percent of healthcare professionals said their organizations currently offer or plan to offer telemedicine services.