HHS has finally tipped its hands on its cybersecurity policy, rolling out a rebranded Healthcare Cybersecurity and Communications Center and promising to publish updates of its digital defense strategy.
The descriptions come in an Oct. 4 letter, a long-delayed response by the department to requests from the HELP and Energy and Commerce committees’ leadership.
In the letter, the department said it would roll out updates to its cybersecurity strategy document and promised a report detailing best practices in digital defenses by the end of the year.
The response letter contains no explicit reference to the beleaguered HCCIC—the center intended as a clearing hub for cyber threat information—instead referring to a “Healthcare Cybersecurity Command Center,” which a department spokeswoman confirmed is the center’s successor. The department also issued a press release announcing the center, but the release called it the “Health Sector Cybersecurity Coordination Center.”
The center, which has been roiled by bureaucratic infighting, has seen its founding leadership cleared out; the situation—first reported by POLITICO—is the subject of an investigation by HHS’s Office for the Inspector General. Besides the name change, the letter offers a clue about the center’s evolution, referring to its utilization of Assistant Secretary for Preparedness and Response resources. In its first iteration, the center was organized under the department’s Office of the CIO.