Media Report: HHS Cybersecurity Initiative Stalled Due to Contracting Investigation | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Media Report: HHS Cybersecurity Initiative Stalled Due to Contracting Investigation

November 14, 2017
by Heather Landi
| Reprints
Click To View Gallery

A healthcare-specific cybersecurity communication center within the U.S. Department of Health and Human Services (HHS) is now at the center of an investigation into contracting irregularities and possible fraud allegations, according to a report by Politico.

The Healthcare Cybersecurity Communications Integration Center (HCCIC), which went live at the end of June, was established to protect the nation’s healthcare system from cyber attack. HCCIC focuses its efforts on analyzing and disseminating cyberthreats across the healthcare industry in real time.

According to an article written by Politico’s Darius Tahir, the fledgling HHS initiative has been “paralyzed” by the removal of its top two officials. Leo Scanlon, deputy chief information security officer at HHS, who ran the HCCIC, was put on administrative leave in September and his deputy, Maggie Amato, left the government, Tahir wrote.

“An HHS official says the agency is investigating irregularities and possible fraud in contracts they signed,” Tahir wrote. “The two executives, Leo Scanlon and Maggie Amato, allege they were targeted by disgruntled government employees and private-sector companies worried the cyber center would take away some of their business.”

According to Tahir’s reporting, the top officials’ departures have put the center’s work on hold and left many healthcare officials worried about its fate, and at a time when the healthcare industry is facing evolving, persistent cyber attacks.

HHS officials touted the center’s success in light of the WannaCry ransomware attack back in March, in which the U.S. healthcare system saw minimal impact. On March 12, a cyber attack using the WannaCry ransomware virus spread quickly across the globe, infecting hundreds of thousands of devices in a dozen countries in a matter of hours. Computer systems at 40 National Health System (NHS) hospitals in the United Kingdom were infected, which forced many of those hospitals to reduce services, cancel certain operations and turn away all but emergency patients.

As previously reported by Healthcare Informatics, during a House Energy and Commerce Oversight subcommittee hearing in June, Scanlon reported that HCCIC played an integral role in HHS’ coordinated response to the WannaCry incident, although the center wasn’t fully set up yet. “In the recent WannaCry mobilization, HCCIC analysts provided early warning about the impact to health care. This was first time a cyber attack was the focus of a mobilization,” he testified.

Scanlon testified during that hearing that when the WannaCry attack began and throughout the following days HHS took a central role in coordinating government resources and expertise, compiling and distributing relevant information, and generally serving as a hub for both public-and private-sector response efforts.

Politico’s Tahir reports that problems arose after a series of anonymous letters alleged that Scanlon and Amato had improper relations with contractors. “One July 4 letter asserted that companies received contracts with HHS after providing the two officials with free dinners and tours of California wineries, including a hot air balloon ride,” Tahir wrote.

Politico also reported that the HHS Office of the Inspector General confirmed that it opened an investigation after receiving an anonymous letter.

Tahir further reports, “Scanlon and Amato dispute the allegations, and filed reports detailing their alleged mistreatment with Congress. They also spoke on the record with POLITICO. In their version of events, they acknowledged meeting with contractors in Northern California but said the tours and meals were done on their own time at their own expense.”

The Politico story also states that HHS insists that the cyber center’s work is proceeding, with officials detailed from elsewhere at HHS and the federal government, and a search is underway to replace Scanlon and Amato.


Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Arizona ACO Pilots Blockchain Platform to Improve Clinical Outcomes, Reduce Costs

Arizona Care Network, a Phoenix-based accountable care organization (ACO), plans to pilot a blockchain technology platform developed by Solve.Care with the aim of improving clinical outcomes, relieving healthcare’s administrative burdens, and reducing waste within the system.

Protenus February Breach Report: Number of Incidents Remain Steady

The number of healthcare data breach incidents continues to remain steady, and in February’s Breach Barometer report from Protenus, it was revealed that last month, a ransomware attack was responsible for the largest single incident.

Prior Authorization Burdens Hindering Patient Care, AMA Survey Finds

Approximately 64 percent of physicians in a recent American Medical Association (AMA) survey said they wait at least one business day before getting a response from a health plan regarding a prior authorization (PA) decision.

Intermountain Healthcare to Build Global DNA Registry with AncestryDNA, 23andMe Data

Intermountain Healthcare is building a new global DNA registry based on medical histories from people around the world, using existing genetic test results and electronic health histories.

NH-ISAC Accelerates Cyber Threat Sharing for Healthcare Industry

The National Health Information Sharing and Analysis Center (NH-ISAC) is partnering with Anomali, a provider of threat management solutions, to enable seamless, secure threat sharing within the healthcare community.

Enterprise Telemedicine Strategies Gaining Steam, Survey Finds

Healthcare providers are increasingly leveraging a centrally-managed (enterprise) approach to telemedicine, according to the results of the REACH Health 2018 U.S. Telemedicine Industry Benchmark survey.