WASHINGTON, DC – U.S. Senator Gary Peters, Ranking Member of the Senate Homeland Security and Governmental Affairs Committee, called on the Trump Administration to take strong action against the Chinese government following reports that state-sponsored hackers attacked American hospitals and research institutions in an effort to steal information related to development of a Coronavirus vaccine. By attacking health care providers’ information systems, the Chinese government put the health and safety of Americans at risk. Peters pressed the Administration to take swift action to hold the Chinese government accountable for these breaches, including threatening sanctions, as well as strengthening cybersecurity support for hospitals and research facilities at risk of further cyber-attacks.
“By targeting hospitals and health care providers, these state-sponsored hackers put the lives of Americans who are seeking care at risk,” wrote Senator Peters. “The Administration should use public pressure and the threat of sanctions and additional indictments to deter future Chinese government attacks against research institutions. In the event China’s government directly threatens the lives of Americans through actions against hospitals, other Department of Defense capabilities should be considered to make it clear that there will be consequences for these actions.”
As Ranking Member of the Senate Homeland Security and Governmental Affairs Committee and a member of the bipartisan Senate Cybersecurity Caucus, Peters has led efforts to bolster our nation’s cybersecurity defenses. Last year, the U.S. Senate unanimously approved Peters’ bipartisan legislation to promote stronger cybersecurity coordination between the Department of Homeland Security and state and local governments. The Senate also passed a Peters-led bill to develop and retain highly-skilled cybersecurity professionals in the federal workforce.
Peters has also worked to address America’s overreliance on China for critical drugs, personal protective equipment and medical supplies needed to address the Coronavirus pandemic. In a 2019 report, Peters raised concerns and recommended actions to address vulnerabilities in our medical supply chain, including shortages for prescription drugs, masks, gloves, and vaccine delivery devices, which are compounded by the United States’ dependence on foreign manufacturers like China.
Text of Peters’ letter is copied below and available here:
May 12, 2020
I am concerned about recent reported Chinese government sponsored cyber-attacks against the United States and I urge you to take necessary action to mitigate this threat in the future.
The Chinese government has reportedly sponsored attacks against the Department of Health and Human Services (HHS), hospitals, research laboratories, health care providers, and pharmaceutical companies with the goal of stealing COVID-19 treatment and vaccine research. By targeting hospitals and health care providers, these state-sponsored hackers put the lives of Americans who are seeking care at risk.
In a March 6, 2019 hearing before the Senate Homeland Security and Governmental Affairs Committee, I raised concerns that the federal government has failed to invest effectively in cybersecurity protections and warned that past breaches have shown the severe consequences of inadequate cybersecurity investments. HHS manages massive quantities of sensitive medical research and personal data. Continued cybersecurity deficiencies in our government systems are inexcusible and require immediate attention and additional resources.
We should also work to improve the security of state, local, and private sector institutions that are researching COVID-19. Given the life and death consequences of information related to the COVID- 19 pandemic, the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) should prioritize their cybersecurity support to safeguard our health care sector.
Finally, the United States must communicate a strong message to China’s government that this behavior is unacceptable. The Administration should use public pressure and the threat of sanctions and additional indictments to deter future Chinese government attacks against research institutions. In the event China’s government directly threatens the lives of Americans through actions against hospitals, other Department of Defense capabilities should be considered to make it clear that there will be consequences for these actions.
I urge you to take all necessary measures to protect government and private sector medical institutions working to save lives and develop treatments and a vaccine for COVID-19. These measures should include:
- Directing CISA and CYBERCOM to prioritize cybersecurity support to hospitals and medical research institutions, including providing risk and vulnerability assessments and sharing cyber threat intelligence information with those organizations.
- Utilizing all levers of national power – diplomatic, military, economic, and law enforcement – to deter the Chinese government from any attacks against U.S. medical institutions and make clear that any attack on our medical systems will be treated as a significant threat to our country.
- Increasing cybersecurity funding as part of future COVID-19 funding requests to Congress for hospitals, medical and research institutions.
- Directing Secretary Azar to prioritize HHS information technology appropriations towards improvements in cybersecurity, and encouraging the Secretary to work with GAO and the HHS Inspector General to improve its cybersecurity posture.