Bennet Calls for Securing U.S. Health Agency Computer Networks Following Reports of Cyberactivity On HHS Network

Cyberactivity Comes As Coronavirus Pandemic Spreads

Washington, D.C. – Colorado U.S. Senator Michael Bennet called for a comprehensive review of all computer-based IT and network systems at the Department of Health and Human Services (HHS), Centers for Disease Control and Prevention (CDC), and the National Institutes of Health (NIH) following reports of cyberactivity on HHS networks, on Sunday, March 15. As the Coronavirus Disease 2019 (COVID-19) outbreak rapidly evolves, Bennet wrote to the leaders of agencies central to the COVID-19 federal response – HHS, CDC, and NIH – along with the Director of the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security to urge action in response to the cyber incident. 

“Following reports of cyberactivity on Sunday, March 15, 2020, on the HHS computer system, I urge CISA to perform a comprehensive review of all computer-based IT and network systems at HHS, CDC, and NIH to identify and address any vulnerabilities now to limit exposure to future cyber incidents,” wrote Bennet in his letter. “As this public health crisis continues, perhaps for several months, the security of these vital systems is critical to ensuring that our federal agencies responsible for public health can effectively support our response to the pandemic and continue to provide trusted and timely information to the American people.” 

In addition to calling for a CISA review of the computer network systems, Bennet urged collaboration to determine what is needed to secure the agencies’ networks. He also urged proactive development of contingency plans to respond to future cyber incidents.

The text of the letter is available HERE and below.  

Dear Director Krebs, Secretary Azar, Director Redfield, and Director Collins:

As the U.S. government responds to the COVID-19 pandemic, I urge you to allow the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) to assess infrastructure at the Department of Health and Human Services (HHS), Centers for Disease Control and Prevention (CDC), and National Institutes of Health (NIH). 

Following reports of cyberactivity on Sunday, March 15, 2020, on the HHS computer system, I urge CISA to perform a comprehensive review of all computer-based IT and network systems at HHS, CDC, and NIH to identify and address any vulnerabilities now to limit exposure to future cyber incidents. We also urge you to work collaboratively to swiftly determine what additional resources and staff you may require to secure these critical networks. Finally, I urge agencies to establish contingency plans to ensure a robust and effective response to future cyber incidents. 

As this public health crisis continues, perhaps for several months, the security of these vital systems is critical to ensuring that our federal agencies responsible for public health can effectively support our response to the pandemic and continue to provide trusted and timely information to the American people. 

Thank you for your attention to this critical matter.

Sincerely,