Media Report: HHS Cybersecurity Initiative Stalled Due to Contracting Investigation | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Media Report: HHS Cybersecurity Initiative Stalled Due to Contracting Investigation

November 14, 2017
by Heather Landi
| Reprints
Click To View Gallery

A healthcare-specific cybersecurity communication center within the U.S. Department of Health and Human Services (HHS) is now at the center of an investigation into contracting irregularities and possible fraud allegations, according to a report by Politico.

The Healthcare Cybersecurity Communications Integration Center (HCCIC), which went live at the end of June, was established to protect the nation’s healthcare system from cyber attack. HCCIC focuses its efforts on analyzing and disseminating cyberthreats across the healthcare industry in real time.

According to an article written by Politico’s Darius Tahir, the fledgling HHS initiative has been “paralyzed” by the removal of its top two officials. Leo Scanlon, deputy chief information security officer at HHS, who ran the HCCIC, was put on administrative leave in September and his deputy, Maggie Amato, left the government, Tahir wrote.

“An HHS official says the agency is investigating irregularities and possible fraud in contracts they signed,” Tahir wrote. “The two executives, Leo Scanlon and Maggie Amato, allege they were targeted by disgruntled government employees and private-sector companies worried the cyber center would take away some of their business.”

According to Tahir’s reporting, the top officials’ departures have put the center’s work on hold and left many healthcare officials worried about its fate, and at a time when the healthcare industry is facing evolving, persistent cyber attacks.

HHS officials touted the center’s success in light of the WannaCry ransomware attack back in March, in which the U.S. healthcare system saw minimal impact. On March 12, a cyber attack using the WannaCry ransomware virus spread quickly across the globe, infecting hundreds of thousands of devices in a dozen countries in a matter of hours. Computer systems at 40 National Health System (NHS) hospitals in the United Kingdom were infected, which forced many of those hospitals to reduce services, cancel certain operations and turn away all but emergency patients.

As previously reported by Healthcare Informatics, during a House Energy and Commerce Oversight subcommittee hearing in June, Scanlon reported that HCCIC played an integral role in HHS’ coordinated response to the WannaCry incident, although the center wasn’t fully set up yet. “In the recent WannaCry mobilization, HCCIC analysts provided early warning about the impact to health care. This was first time a cyber attack was the focus of a mobilization,” he testified.

Scanlon testified during that hearing that when the WannaCry attack began and throughout the following days HHS took a central role in coordinating government resources and expertise, compiling and distributing relevant information, and generally serving as a hub for both public-and private-sector response efforts.

Politico’s Tahir reports that problems arose after a series of anonymous letters alleged that Scanlon and Amato had improper relations with contractors. “One July 4 letter asserted that companies received contracts with HHS after providing the two officials with free dinners and tours of California wineries, including a hot air balloon ride,” Tahir wrote.

Politico also reported that the HHS Office of the Inspector General confirmed that it opened an investigation after receiving an anonymous letter.

Tahir further reports, “Scanlon and Amato dispute the allegations, and filed reports detailing their alleged mistreatment with Congress. They also spoke on the record with POLITICO. In their version of events, they acknowledged meeting with contractors in Northern California but said the tours and meals were done on their own time at their own expense.”

The Politico story also states that HHS insists that the cyber center’s work is proceeding, with officials detailed from elsewhere at HHS and the federal government, and a search is underway to replace Scanlon and Amato.

 

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Randy McCleese Named CHIME-HIMSS CIO of the Year

Randy McCleese, CIO of Methodist Hospital in Henderson, Ky., has been named 2017 John E. Gall Jr. CIO of the Year award by CHIME and HIMSS.

Ohio’s Summa Health Names New CIO

Akron, Ohio-based Summa Health has named Tanya Arthur its new senior vice president and chief information officer, replacing Greg Kall, who retired in December.

Survey: One in Five Healthcare Professionals Had Patient Data Breaches

A new survey finds that there is a disconnect between data breaches and the level of confidence that healthcare professionals have in protecting sensitive patient medical and healthcare data.

Georgia Statewide HIE Awards $500K in Grants

The Georgia Health Information Network (GaHIN), the statewide health information exchange (HIE) for Georgia, awarded a total of $500,000 to its members in 2017.

MedPAC Votes 14-2 to Scrap MIPS, Recommends Alternative Program

The Medicare Payment Advisory Commission (MedPAC), a nonpartisan legislative branch agency that provides the U.S. Congress with analysis and policy advice on the Medicare program, voted 14-2 on Thursday in favor of scrapping the Merit-based Incentive Payment System (MIPS) and replacing it with an alternative model of reimbursement.

DaVita Physician Solutions to Replace Nephrology-Specific EHR with Epic

DaVita Inc., a provider of kidney care services, has announced that DaVita Physician Solutions will partner with Epic to replace Falcon Physician, its nephrology-specific electronic health record.