Sidelined HHS Deputy Chief Information Security Officer blasts agency, claims cybersecurity center 'decimated'

Jessica Davis | Healthcare IT News | March 22, 2018

After being abruptly placed on admin leave, Leo Scanlon opens up about his 150-day leave, “dirty politics,” and what it means for the future of the HCCIC cybersecurity initiative.

With reports that Health and Human Services Chief Information security officer Christopher Wlaschin stepping down at the end of this month, the department’s role in leading and facilitating security efforts in healthcare and other industries is more uncertain than ever. The HHS Healthcare Cybersecurity Communications and Integration Center, in fact, has already been at the center of ongoing questions since Sept. 6, 2017, when HHS Deputy CISO Leo Scanlon and HCCIC Director Maggie Amato were abruptly reassigned for what they said was an investigation into allegations for “ethics violations.”

Leo Scanlon at a hearing examining the role of HHS in healthcare cybersecurity, on June 8, 2017. Credit-Energy & Commerce CommitteeThe House Energy and Commerce Committee is currently investigating HHS to determine whether it penalized Scanlon and Amato for whistleblowing. While the investigation is pending, the committee is operating under the assumption these allegations appear credible. The committee has two major concerns: interference with the constitutional duty to conduct oversight and cybersecurity...

HHS’ HCCIC had overwhelming support from Congress and industry leaders when it launched as part of a partnership with the National Health Information Sharing and Analysis Center (NH-ISAC). It was designed to take a leadership role facilitating threat intelligence and other cybersecurity related information sharing and, in fact, played a pivotal role in fighting the global WannaCry attack in June of 2017.