Bill would establish CISO role for HHS

House Energy and Commerce Committee members Congresswoman Doris Matsui (D-Calif.) and Congressman Billy Long (R-Mo.) introduced the HHS Data Protection Act, which would establish the Office of the Chief Information Security Officer (CISO) within the Department of Health and Human Services (HHS) and elevate the position out from under the CIO.

The legislation builds on the Obama Administration’s Cybersecurity National Action Plan, a comprehensive strategy for enhancing cybersecurity protections which recognizes the importance of a CISO in improving cybersecurity capabilities, according to a release. Earlier this year, the Administration created the position of the Federal Chief Information Security Officer, the first dedicated senior official in the Administration focused exclusively on coordinating cybersecurity operations across the entire federal domain.

“It is impossible to completely eradicate the threat of cyber-attacks, but the American people deserve to know that their sensitive information is being safeguarded with the utmost security,” said Congressman Long. “In light of recent data breaches across America’s federal agencies, we have the responsibility to root out vulnerabilities and maximize data protection to give them that peace of mind.”

In August 2015, the majority staff of the Energy & Commerce Committee released a report on information security at FDA following a breach of its internal network. The report recommended that HHS separate the CISO from the CIO to ensure that information security is appropriately prioritized.