Josh Hawley Asks Experts How Congress Can Better Protect Rural Hospitals From Cyberattacks

Forbes Breaking News

During a Senate Health Committee hearing on Wednesday, Sen. Josh Hawley (R-MO) spoke about cyberattacks against rural hospitals.

Transcript

00:00Thank you, Mr. Chairman. Thanks to the witnesses for being here. Mr. Garcia, if I could just start

00:05with you, I want to talk a little bit about the challenges that rural hospitals in particular

00:09face from cyber attacks, malicious actors. What do you think, thinking about the Volt Typhoon

00:15attack of this last year, year and a half, what do you think are the most important lessons that

00:21we ought to draw from that attack, and particularly if you could apply this to rural hospitals and

00:25the challenges that they face? Well, thank you, Senator. Certainly, there are very sophisticated

00:30attacks out there from nation states and other sophisticated criminal groups that are beyond

00:35the capacity of rural, small, critical access health systems to counter even the larger health systems.

00:42We cannot beat nation states. We did a publication in May called On the Edge. We interviewed 40

00:51executives across 30 states, not just rural, but critical access, FQHC, small practices, asking

00:58them, what are your concerns about cybersecurity? How are you prepared to deal with it? And what

01:03would you need from the government or from your community to support you on that? And the results

01:10were not surprising. They said, we know what to do. We don't have, as Ms. Stevenson said, we don't have

01:16the capacity in workforce to deal with this. We don't necessarily need training. We need people, bring

01:22the people in, and we need some support, whether it's financial incentives to invest in better

01:28cybersecurity or direct financial support. So there's a lot of, I commend the report to you. There's a lot of

01:37recommendations in there for both us in the industry and for the government. Ms. Stevenson, do you want to add

01:42anything to this? I think that was a great summary. Thank you. More than 40% of the hospitals in Missouri,

01:49my state, are rural hospitals, and about half of those are critical access hospitals. And I just

01:54want to underscore something you said, Mr. Garcia, that many of these hospitals have faced some level

01:58of cyber attack, and they simply don't have the personnel or the budget to deal with it. They don't,

02:03they don't have a cybersecurity officer on staff. They don't have the budget to, to work on turning back

02:09cyber attacks. What should Congress be doing to help rural hospitals in particular be able to meet the

02:15challenge of malicious cyber actors and the threats that this poses to patients, that it poses to

02:22hospital staff, that it poses to the, to the working of the hospital? I mean, what, what can we be doing

02:26to help rural hospitals? I'll start with you, Mr. Garcia, and then anybody on the panel who wants to

02:30respond is welcome to. Well, certainly we've talked about better incentives. When you think about

02:35CMS, can they tie some level of reimbursement to better cybersecurity practices? You're doing the

02:41right thing. You're, you're implementing the, the health industry cyber practices that we produced,

02:46or the NIST framework. We're going to give you a little bit of a bump on your reimbursement. That's

02:51real money. Senator Husted talked about, about National Guards at the state level, those who can help

02:59in what we call a 9-1-1 cyber civil defense. How can we rally the community around your rural

03:05hospitals who do have the expertise? It's a lower cost option, but where, where the government can

03:12be using its reimbursement authority as leverage, that can be helpful. Very good. Anybody else want

03:17to add to this? Yes, sir. Mr. Weisman. Well, two points. One, unfortunately, I'm afraid that the

03:24reconciliation costing rural hospitals Medicaid funding is going to make some of these

03:28challenges harder. But two, I wanted, in building on work that you've done, and Mr. Garcia talked

03:34about change healthcare as a utility, because we have so much concentration in the industry. It is

03:39true that rural hospitals are just overwhelmed, but the large companies are not, and they are not

03:45investing enough. And there is a, I think, a need to impose extra obligations on them, new standards,

03:51and absolutely to maintain their liability. I disagree with the suggestions to remove liability. The way

03:57they're going to be held accountable if we don't have adequate regulatory standards is through lawsuits

04:01that make them pay retrospectively. Better if we could stop it in the first place.

04:05I've introduced a bipartisan bill called the Rural Hospital Cybersecurity Enhancement Act.

04:10It does some of the things that you were just talking about, Mr. Garcia. It starts at just a very

04:14baseline level, directing HHS to develop a comprehensive cybersecurity strategy for rural hospitals,

04:20to look at workforce needs, to look at funding needs. I think this is long past due, and again,

04:26I can just tell you, coming from a state where 40% of our hospitals are rural. I grew up in a rural area.

04:31I live in a rural area now. I grew up in a rural area. Those hospitals are often the lifeblood of

04:36those communities, and they literally save people's lives. And we've got to do more than we are doing

04:40now to protect those hospitals, number one, in all of their operations, but also, number two,

04:46in helping them from the cybersecurity threat, because they're simply not equipped to deal with it.

04:50And realistically, they're not going to be absent some assistance from the federal government.

04:54They do not have the wherewithal on their own. So we've got to do more. I hope that we'll be able

04:58to mark up this bill soon in this committee and take it to the floor as a place to start.

05:02Thank you all for your testimony, and thank you, Mr. Chairman.

05:05Thank you, Senator.

Category

Transcript

Recommended