During Tuesday’s Senate Finance Committee hearing, Sen. Mark Warner (D-VA) questioned HHS Nominees James O’Neill and Gary Andres about classified information protection and communication.
Category
🗞
NewsTranscript
00:00Senator Warner. Not to pile on, but I want to add to Senator Warnock's comments.
00:08Mr. Andres, you know, it has been awful, the lack of responsiveness. I've got a series of
00:15letters as well. And the fact is, I even have evidence that Republican members get their
00:21responses answered by the secretary. And we, like Senator Warnock, and I'd be curious
00:29to see if any Democratic member has gotten any response from the secretary. It's outrageous.
00:35It is not the way the government's supposed to operate. Whether we vote for a nominee or not,
00:40the secretary has absolute responsibility to respond to members of Congress. And frankly,
00:48it has reaffirmed why I'm so proud that I did not vote for the secretary since he's not been willing
00:53to do that. Mr. O'Neill, it was good to see you again. We had a nice conversation. I want to
00:58bring up an issue we talked about online, and that is cybersecurity. I think we all remember
01:05what happened with last year with UnitedHealth Group and their Change Health subsidiary, the fact
01:11that you had an operation, one of the biggest providers or coverage in the country, and they
01:19had taken Change Healthcare for, what, a couple years.
01:22They still had not even put in basic things like multi-factor authentication.
01:30You know, as we discussed, candidly, frankly, even trying to figure out who's in charge on cyber
01:36within HHS has been a challenge. We've spent a lot of time on this. I know a lot of colleagues on both
01:42sides of the aisle recognize that this is a huge problem. And candidly, on the dark web, as we know,
01:49personal health information has a higher value even than financial information.
01:56We did make a little bit of progress. I mentioned in our call, your predecessor in the Biden
02:01administration, Andrea Palm, who actually finally took up this as one of our priorities. And we did
02:08try to update HIPAA to make sure there were mandatory minimum cyber hygiene standards.
02:14There is a rule that needs to be prioritized, if confirmed. Will you urge the Secretary to go ahead
02:23and finalize that rule?
02:26Senator, I also really enjoyed our conversation, especially about cybersecurity.
02:32As we discussed, cybersecurity is an unsolved problem. Everyone that has custody of health data
02:40has a responsibility to keep it secure, both legally in terms of the HIPAA law and the HIPAA
02:44privacy rule, also morally, and also technologically. So if the technology is not there to provide
02:51excellent cybersecurity, and my sense is that technology still has a lot of room to grow,
02:59then regulations or mandates can only do so much until the technology is there. So I think I would like to bring
03:07a lot of cybersecurity and AI expertise.
03:09I'm sorry, let me just say, I don't mean to interrupt, but I don't want to, I don't want you to, you know,
03:14filibuster here. It's, as we discussed, this is an area, unless there's minimum standards,
03:22and because we have such a complex healthcare system that large players to tiny players to equipment vendors,
03:29you know, the market is going to respond if we have standards in place. And I just, there is a rulemaking
03:38that is in process. I hope that you would encourage the Secretary Kennedy to finalize that rule.
03:47I also want to just raise another one, Mr. O'Neill. We didn't get a chance to talk about this, but
03:51we got more information again out today of the continued misuse, careless, sloppy treatment of
04:01secure and classified information. You know, I see this a lot from my position as chair and now vice
04:08chair of the Intelligence Committee. But should you be confirmed, I mean, there is an enormous amount of
04:13classified information within HHS. I mean, it can move markets. We talk about if it's, if it's,
04:21the vulnerabilities around cybersecurity. Let me give you a, let me give you an easy one on,
04:28as my time runs down. Will you commit to make sure that if, you know, classified or other information
04:35is being discussed within the HHS world, that you will not default to non-secure communications
04:44channels like Signal? Yes, Senator, I am absolutely happy to make you that address. And I would,
04:51again, just please urge as you, I think you're going to be confirmed, that you do a thorough
04:57review of this. I mean, there has been a, I'm particularly perturbed about what's happened
05:04in the intel and DOD world with the sloppiness about secure information. But candidly, as more
05:09and more information becomes secure, and this is just not a, I would make this critique of the last
05:14administration as well. We have to make sure we, we do basic security one-on-one on, on this type
05:20of information. And I know that the chairman and Senator Cantwell will share this, but I would like
05:26to work with you very much on that. Thank you. Thank you, Senator. I'm happy to make that assurance
05:30and would love to work with you on it. Thank you. Senator Cantwell. Thank you.