Media Report: HHS Cybersecurity Initiative Stalled Due to Contracting Investigation | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Media Report: HHS Cybersecurity Initiative Stalled Due to Contracting Investigation

November 14, 2017
by Heather Landi
| Reprints
Click To View Gallery

A healthcare-specific cybersecurity communication center within the U.S. Department of Health and Human Services (HHS) is now at the center of an investigation into contracting irregularities and possible fraud allegations, according to a report by Politico.

The Healthcare Cybersecurity Communications Integration Center (HCCIC), which went live at the end of June, was established to protect the nation’s healthcare system from cyber attack. HCCIC focuses its efforts on analyzing and disseminating cyberthreats across the healthcare industry in real time.

According to an article written by Politico’s Darius Tahir, the fledgling HHS initiative has been “paralyzed” by the removal of its top two officials. Leo Scanlon, deputy chief information security officer at HHS, who ran the HCCIC, was put on administrative leave in September and his deputy, Maggie Amato, left the government, Tahir wrote.

“An HHS official says the agency is investigating irregularities and possible fraud in contracts they signed,” Tahir wrote. “The two executives, Leo Scanlon and Maggie Amato, allege they were targeted by disgruntled government employees and private-sector companies worried the cyber center would take away some of their business.”

According to Tahir’s reporting, the top officials’ departures have put the center’s work on hold and left many healthcare officials worried about its fate, and at a time when the healthcare industry is facing evolving, persistent cyber attacks.

HHS officials touted the center’s success in light of the WannaCry ransomware attack back in March, in which the U.S. healthcare system saw minimal impact. On March 12, a cyber attack using the WannaCry ransomware virus spread quickly across the globe, infecting hundreds of thousands of devices in a dozen countries in a matter of hours. Computer systems at 40 National Health System (NHS) hospitals in the United Kingdom were infected, which forced many of those hospitals to reduce services, cancel certain operations and turn away all but emergency patients.

As previously reported by Healthcare Informatics, during a House Energy and Commerce Oversight subcommittee hearing in June, Scanlon reported that HCCIC played an integral role in HHS’ coordinated response to the WannaCry incident, although the center wasn’t fully set up yet. “In the recent WannaCry mobilization, HCCIC analysts provided early warning about the impact to health care. This was first time a cyber attack was the focus of a mobilization,” he testified.

Scanlon testified during that hearing that when the WannaCry attack began and throughout the following days HHS took a central role in coordinating government resources and expertise, compiling and distributing relevant information, and generally serving as a hub for both public-and private-sector response efforts.

Politico’s Tahir reports that problems arose after a series of anonymous letters alleged that Scanlon and Amato had improper relations with contractors. “One July 4 letter asserted that companies received contracts with HHS after providing the two officials with free dinners and tours of California wineries, including a hot air balloon ride,” Tahir wrote.

Politico also reported that the HHS Office of the Inspector General confirmed that it opened an investigation after receiving an anonymous letter.

Tahir further reports, “Scanlon and Amato dispute the allegations, and filed reports detailing their alleged mistreatment with Congress. They also spoke on the record with POLITICO. In their version of events, they acknowledged meeting with contractors in Northern California but said the tours and meals were done on their own time at their own expense.”

The Politico story also states that HHS insists that the cyber center’s work is proceeding, with officials detailed from elsewhere at HHS and the federal government, and a search is underway to replace Scanlon and Amato.

 

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

AHRQ Launches App Challenge for PRO Data Standardization

The Agency for Healthcare Research and Quality (AHRQ) has launched a competition to address the need for greater use of standardized patient-reported outcomes (PRO) data in clinical care and research.

Study: Many U.S. Hospitals won’t Reach HIMSS Stage 7 Until 2035

Unless the healthcare IT ecosystem experiences major policy changes or leaps in technological capabilities, many hospitals will not reach Stage 7 of HIMSS Analytics’ Electronic Medical Record Adoption Model until 2035, according to new research.

Amazon, Google, IBM and Other Tech Giants Pledge to Remove Barriers to Interoperability

Six of the world's biggest technology companies, including Microsoft, Google, IBM and Amazon, made a joint pledge at the White House Monday to remove interoperability barriers and to make progress on adoption of health data standards.

Mayo Clinic Elects New President and CEO

Gianrico Farrugia, M.D., current vice president, Mayo Clinic, and CEO of Mayo Clinic in Florida has been elected as the president and CEO of the Mayo Clinic, headquartered in Minnesota.

Fitbit, Blue Cross Blue Shield Launch Mobile Health Partnership

San Francisco-based fitness wearable maker Fitbit continues its push into the health plan market with a new digital health deal to incorporate its fitness tracker into health and wellness programs.

ASCO Picks IBM Watson Exec to Lead CancerLinQ

The American Society of Clinical Oncology (ASCO) has named a former IBM Watson executive as the new CEO of its CancerLinQ big data platform.