Cybersecurity professionals on Thursday called on the Biden administration to help defend health care systems from foreign attackers and said they fear the federal government is withholding actionable intelligence.
The cyber workers told Senate lawmakers the health care sector is suffering from constant attacks, and rather than share available data on hackers, the Biden administration has sometimes classified information generated by the private sector.
The federal government has stamped private sector information as secret instead of sharing its own intelligence, according to Greg Garcia, an executive representing an advisory council of more than 350 health care organizations and agencies combating cyberthreats facing the health sector.
“I think there is general consensus that there is a problem of overclassification in the government, too much information is being classified unnecessarily, and indeed information that sometimes flows from the private sector to the government is subsequently classified,” Mr. Garcia said at a Senate Homeland Security and Governmental Affairs Committee hearing.
The government takes the private sector data and adds its own classified context before sealing it from public view, according to Mr. Garcia, the Healthcare and Public Health Sector Coordinating Council Cybersecurity Working Group executive director.
Scott Dresen, Corewell Health’s chief information security officer, said he assessed that the federal government was not sharing available information with the health care network defenders because law enforcement officials have sometimes withheld detail while citing active investigations.
“Do you think there’s actionable intelligence that right now is unshared?” asked Sen. Richard Blumenthal, Connecticut Democrat, at the hearing.
“I think there probably is in the context of active investigations that may be taking place, and so the opportunity to share that with our sector as much as they can would be encouraged,” Mr. Dresen said.
Mr. Dresen told lawmakers he did not have specific details on the sources of cyberattacks, including on the nature of attacks from China compared with Russia.
“It’s just significant in terms of the daily barrage we get and are repelling to help protect us,” Mr. Dresen said.
The health care sector was the major target of ransomware attackers in 2022, according to the FBI’s Internet Crime Complaint Center. The FBI collected 870 complaints last year, indicating critical infrastructure organizations were victimized by ransomware, and 210 of those complaints came from the health care sector, according to the FBI’s 2022 Internet Crime Report.
All other critical infrastructure sectors trailed the health care sector in terms of complaints, with the health care sector tallying more complaints than several other industries combined, such as energy, transportation and manufacturing. The FBI’s report said not everyone reports ransomware incidents to its Internet Crime Complaint Center, so the full extent of ransomware damage may be greater.
The health care sector got hit by ransomware before last year. For example, American, Australian and British officials said in November 2021 that Iran-sponsored cyberattackers targeted victims in the U.S. health care and transportation sectors.
In June 2022, FBI Director Christopher A. Wray said Iran-sponsored cyberattackers planned to hit Boston Children’s Hospital but were stopped.
The Biden administration has taken steps to get key information out the door to cyber defenders it prefers.
The Biden administration established the Joint Cyber Defense Collaborative in 2021 to team national security and law enforcement agencies with tech firms to battle hackers and ransomware attackers.
President Biden’s long-awaited National Cybersecurity Strategy unveiled this month tasked law enforcement agencies, the intelligence community and other officials with identifying the intelligence needs of digital defenders and said they would work to share warnings and threat indicators with public and private partners.
“The federal government will increase the speed and scale of cyber threat intelligence sharing to proactively warn cyber defenders and notify victims when the government has information that an organization is being actively targeted or may already be compromised,” the strategy said.
As the Biden administration works to implement its cyber plan, it will have every reason to hurry. A data breach affecting a Washington health insurance marketplace last week exposed sensitive personal data such as Social Security numbers connected to lawmakers, their families and congressional staffers.