Sen. Wants Health Agencies' IT Reviewed After Cyber Incident

By Craig Clough

Law360 (March 18, 2020, 9:21 PM EDT) -- Sen. Michael Bennet, D-Colo., urged some top federal health agencies Tuesday to allow for an investigation into their computer networks by the Cybersecurity and Infrastructure Security Agency following a recent suspicious spike in activity on the network of the U.S. Department of Health and Human Services.

Following the incident, Bennet wrote that with the COVID-19 health crisis underway "the security of these vital systems is critical to ensuring that our federal agencies responsible for public health can effectively support our response to the pandemic and continue to provide trusted and timely information to the American people."

The letter came in reaction to a Sunday incident in which HHS security staff alerted federal law enforcement after spotting a "significant increase in activity on HHS cyber infrastructure," HHS spokesperson Caitlin Oakley said.

The incident did not have any impact on the agency's services, which are "fully operational as we actively investigate the matter," Oakley added.

HHS oversees agencies across the U.S. government, including the Centers for Disease Control and Prevention and the National Institutes of Health, which are currently coordinating a response to the COVID-19 virus, including by sharing information about the number of confirmed U.S. cases. Bennet's letter sought a CISA review of the cyber defenses of all three of the agencies.

Bennet said he urges "CISA to perform a comprehensive review of all computer-based IT and network systems at HHS, CDC, and NIH to identify and address any vulnerabilities now to limit exposure to future cyber incidents. We also urge you to work collaboratively to swiftly determine what additional resources and staff you may require to secure these critical networks. Finally, I urge agencies to establish contingency plans to ensure a robust and effective response to future cyber incidents."

The Sunday incident comes as cybersecurity officials warn that institutions and businesses all over the world should be on high alert for potential cyberattacks amid the COVID-19 outbreak, particularly as more and more employees are forced to work from home.

CISA warned Friday that malicious cyber actors are finding security vulnerabilities in the virtual private networks, or VPNs, that organizations often use to enable remote workers to connect to a shared network.

The White House's National Security Council said Monday it was investigating a "cyber incident related to the Health and Human Services computer networks," according to a statement from NSC spokesman John Ullyot.

"HHS and federal government cybersecurity professionals are continuously monitoring and taking appropriate actions to secure our federal networks," Ullyot said, adding that "HHS and federal networks are functioning normally at this time."

--Additional reporting by Ben Kochman. Editing by Gemma Horowitz.
