Leo Scanlon

See the following -

Sidelined HHS Deputy Chief Information Security Officer blasts agency, claims cybersecurity center 'decimated'

Jessica Davis | Healthcare IT News | March 22, 2018

After being abruptly placed on admin leave, Leo Scanlon opens up about his 150-day leave, “dirty politics,” and what it means for the future of the HCCIC cybersecurity initiative...HHS’ HCCIC had overwhelming support from Congress and industry leaders when it launched as part of a partnership with the National Health Information Sharing and Analysis Center (NH-ISAC). It was designed to take a leadership role facilitating threat intelligence and other cybersecurity related information sharing and, in fact, played a pivotal role in fighting the global WannaCry attack in June of 2017.

Read More »

A Bureaucratic Mess Leads to Shutdown of HHS Cybersecurity Center

Jessie Bur | Federal Times | May 11, 2018

In May 2017, the Department of Health and Human Services decided to stand up its own version of the Department of Homeland Security’s National Cybersecurity and Communications Integration Center in order to address the increasing cybersecurity risks to the health care sector. But creating the Health Cybersecurity and Communications Integration Center, or HCCIC, was the easy part. Soon after, the newfound center landed in the spotlight, sparking agency and industry drama about the role and scope of HHS authorities in information sharing.

Read More »

Congress Stepping in After Reorganizations, Leadership Vacuum Leave HHS Cybersecurity Center's Fate Unclear

David Thornton | Federal News Radio | June 20, 2018

The Health and Human Services Department doesn’t want to talk about its Health Cybersecurity and Communications Integration Center. And that’s no surprise, since it doesn’t seem to know what to do with it, and no one who was responsible for standing it up is involved with it anymore. Lawmakers from the House Committee on Energy and Commerce and the Senate committee on Health, Education, Labor and Pensions sent a letter on June 5 to HHS Secretary Alex Azar pointing out some significant omissions in the department’s Cybersecurity Threat Preparedness Report, which the department is required to submit to Congress. The report is supposed to detail HHS’ responsibilities and preparedness to deal with cyber threats in health care.

Read More »

HHS cybersecurity center so unstable staff don't know if it exists, Congress argues

Jessica Davis | Health IT News | June 6, 2018

The Senate HELP and House Energy and Committees are highly concerned about the U.S. Department of Health and Human Services’ cybersecurity plan, preparedness and the lack of leadership of its Healthcare Cybersecurity and Communications Integration Center -- and is demanding answers from HHS Secretary Alex Azar. The bipartisan letter to Azar outlines a laundry list of issues at HHS when it comes to its security plan. Among them, includes the temporary reassignment of two senior HCCIC officials in charge of the day-to-day operations.

Read More »

HHS Makes Changes to 'Wall of Shame' Breach Reporting Site

Marianne Kolbasuk McGee | Gov Info Security | July 25, 2017

The Department of Health and Human Services has made changes to its website, widely referred to as the "wall of shame," that lists reports of major health data breaches affecting 500 or more individuals. The changes come after complaints from some members of Congress and others that the website unfairly exposes breached organizations to endless public scrutiny because incidents are indefinitely listed on the site...

Read More »

HHS’ Cyber Threat Center Comes Out of Beta Soon

Heather Kuldell | Nextgov | May 12, 2017

The Health and Human Services Department’s nascent cybersecurity center will soon reach initial operating capability to help share threat information with a sector constantly under attack and often short of cyber personnel of its own. Based on the Homeland Security Department's National Cybersecurity and Communications Integration Center, the Healthcare Cybersecurity Communications and Integration Center will share health-care specific threats information with other agencies and the private sector...

Read More »

Securing Health Data Means Going Well Beyond HIPAA

Jon R. Anderson | GovTech Works | August 17, 2017

A two-decade-old law designed to protect patients’ privacy may be preventing health care organizations from doing more to protect vulnerable health care data from theft or abuse. The Health Insurance Portability and Accountability Act (HIPAA) established strict rules for how health data can be stored and shared. But in making health care providers vigilant about privacy protection, HIPAA may inadvertently distract providers from focusing on something just as important: overall information security...

Read More »