Cybersecurity

Peters criticizes Trump for not taking action after cyberattacks on hospitals, COVID-19 researchers

Sen. Gary Peters (D-Mich.) on Friday slammed President Trump for not taking action to defend the health sector against increasing cyberattacks during the COVID-19 pandemic.

Peters, who serves as ranking member of the Senate Homeland Security and Governmental Affairs Committee, wrote a letter to Trump specifically highlighting concerns around cyber targeting of U.S. hospitals and of groups conducting COVID-19 vaccine research, which have spiked since March.

“I am angered by these government sponsored cyber-attacks and your lack of action to deter them over the past months,” Peters wrote on Tuesday.

Peters specifically criticized the decision by Trump this week to fire Christopher Krebs, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), along with two other key CISA leaders. The agency has taken a leading role in responding to attacks on the health sector.

“While I have full confidence in the dedicated workforce at CISA to continue to execute their mission despite your actions, the removal of these individuals invites attacks from our adversaries based on a perception of instability, rather than prevent them,” Peters wrote.

This is the second letter that Peters has sent to Trump this year highlighting concerns around cyberattacks linked to the COVID-19 pandemic.

The first was sent in May after CISA and the FBI put out a joint alert warning that Chinese government-backed hackers were targeting U.S. groups developing COVID-19 vaccines and treatments.

The warning was sent out weeks after CISA and the United Kingdom’s National Cyber Security Centre put out a separate alert highlighting cyber threats to health care and essential services groups. The agencies noted that these groups were likely being targeted to steal intellectual property around COVID-19 research.

Since the warnings were put out, threats to COVID-19 researchers and the health care sector have only increased, with hospitals becoming a major target for debilitating ransomware attacks.

CISA, the FBI and the Department of Health and Human Services put out a joint alert last month warning of an “increased and imminent cybercrime threat to U.S. hospitals and healthcare providers,” with hospitals in New York and Vermont successfully targeted by hackers.

The private sector has also taken notice, with Microsoft warning earlier this month that it had seen evidence of Russian and North Korean hacking groups targeting pharmaceutical companies and coronavirus vaccine researchers.

Peters urged Trump Friday to “send a strong message to any foreign government attempting to hack into our medical institutions that this behavior is unacceptable.”

He asked that Trump direct CISA and the Department of Defense’s U.S. Cyber Command to support the security of health-care institutions, increase federal cybersecurity funding for these groups, and make clear to other nations that attacks on U.S. medical systems would be treated as “a significant threat to our country.”

“The Administration should use the tools at its disposal, including the threat of sanctions, to deter future attacks against research institutions,” Peters wrote. “In the event that any foreign government directly threatens the lives of Americans through attacks on medical facilities, other Department of Defense capabilities should be considered to make it clear that there will be consequences for these actions.”

Peters is among a number of lawmakers from both parties to raise questions around the cybersecurity of the health sector and of vaccine researchers.

House Minority Leader Kevin McCarthy (R-Calif.) introduced legislation earlier this year to sanction foreign hackers involved in attempts to target and steal COVID-19 research, while Senate Republicans included $53 million to help CISA protect vaccine research efforts against hackers in a proposed stimulus bill in July.