A bill to establish the Office of the Chief Information Security Officer within the U.S Department of Health and Human Services was introduced in the House of Representatives this week.
On April 26, Energy and Commerce Committee Members Rep. Doris Matsui, D-California, and Rep. Billy Long, R-Missouri, introduced the HHS Data Protection Act to elevate the HHS CISO from its current position under the HHS' chief information officer.
"The integration of information technology into nearly every aspect of our daily lives means our security landscape has changed dramatically," said Matsui said in a statement. "As the network of cybercriminals becomes increasingly sophisticated, our operational structures and strategies must evolve accordingly."
The bill builds on the Obama Administration's Cybersecurity National Action Plan, which emphasizes the need for a CSIO to improve cybersecurity. In response to the plan, the Administration created a Federal Chief Information Security Officer position to exclusively focus on Federal cybersecurity operations.
The legislation is in part a response to the committee's August 2015 report on the FDA's information security that found "pervasive and persistent deficiencies across HHS and its operating divisions' information security programs" after its internal network was breached.
"It's impossible to completely eradicate the threat of cyber-attacks, but the American people deserve to know their sensitive information is being safeguarded with the utmost security," said Long, in a statement.
"In light of recent data breaches across America's federal agencies, we have the responsibility to root out vulnerabilities and maximize data protection to give them that peace of mind," he said.
