Privacy & Security

After WannaCry, Senators float bill to stop US cyber weapon stockpiling

Leaked NSA tools led to a global hacking, and legislators don’t want that to happen again.
By Jessica Davis
May 18, 2017
11:14 AM

A bipartisan group of Senators introduced a bill Wednesday that seeks to prevent another massive data leak of government-owned hacking tools like the one used in the weekend’s WannaCry ransomware campaign.

The Protecting Our Ability to Counter Hacking Act would force the U.S. government to turn over these hacking tools to an independent review board that would determine the vulnerabilities that need to be secured.

The bill also aims to make public more of these system vulnerabilities so organizations can fix it.

[Also: Senate bill requires NIST to write cybersecurity guidance for small businesses]

The hope is that it would reduce the stockpile of zero-day exploits and prevent the data from being leaked to hackers again. The cybercriminal group Shadow Brokers currently have a cache of these U.S. National Security Agency weapons and are threatening a monthly release. The NSA uses these tools for surveillance and gathering intelligence.

“Striking the balance between U.S. national security and general cybersecurity is critical, but it’s not easy,” Sen. Brian Schatz, D-Hawaii, who introduced the bill, said in a statement. “This bill strikes that balance.”

The bill will codify a framework for government agencies while ensuring it has the needed tools essential to national security, Schatz said.

[Also: WannaCry highlights worst nightmare in medical device security]

“The continued threat of cyberattacks means that we need to combine public and private efforts to maintain the security of America’s networks and information,” Sen. Ron Johnson, R-Wisconsin, said in a statement. “It’s essential that government agencies make zero-day vulnerabilities known to vendors whenever possible.”

PATCH was also sponsored by Sen. Corey Gardner, R-Colorado, Rep. Ted Lieu, D-California, and Rep. Blake Farenthold, R-Texas. It has support from cybersecurity experts and advocacy groups that include McAfee, Mozilla, The Information Technology and Innovation Foundation and New America’s Open Technology Institute -- among others.

The legislation comes on the heels of the WannaCry attack that pummeled Europe, Russia and China over the weekend, including 20 percent of the U.K. National Health Service. WannaCry is thought to be part of the NSA cache of cyber weapons and exploits.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn

Topics: 
Privacy & Security

More regional news

Franklin Square Medical Center

MedStar extends acute care at home to Baltimore

By
Andrea Fox
November 05, 2024
Andy Sajous of Ahead on AI

Why won't this expert's clients sign onto AI projects for more than 12 months at a time?

By
Bill Siwicki
November 05, 2024
Abstract of lines connected in a mesh over a map of the U.S.

Epic APIs move to USCDI v3

By
Andrea Fox
November 05, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Abstract of lines connected in a mesh over a map of the U.S.
Epic APIs move to USCDI v3

Most Read

Generative AI is this CISO's 'really eager intern'
HIMSSCast: Toward safer and more secure use of AI
Q&A: How redundancy enabled resilience after Crowdstrike outage
What providers need to know about migrating their EHR to the cloud
The Light Collective amplifies its call for patient data rights
Atrium Health responds to new social engineering attack

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

Video

Eric Liederman at CybersolutionsMD_Healthcare Cybersecurity Forum 2024
Improve cyberdefense through collaborative decisions
Jonathan Bauer at Atlantic General Hospital_Healthcare Cybersecurity Forum 2024
Cybersecurity focus and funding grow from big events
Darren Lacey at Johns Hopkins_Healthcare Cybersecurity Forum 2024
How AI can boost cybersecurity
Dennis Chornenky at UC Davis Health_PART 2_AI in healthcare concept art Photo by Just_Super/E+/Getty Images
Chief AI officer: Multidimensional tech needs multidimensional leadership

More Stories

UC Davis Medical Center and chief AI officers
CAIOs must understand policy and business strategy, in addition to healthcare and IT
Dennis Chornenky at UC Davis Health_PART 2_AI in healthcare concept art Photo by Just_Super/E+/Getty Images
Chief AI officer: Multidimensional tech needs multidimensional leadership
Dr Der-Yang Cho at China Medical University Hospital_HIMSS24 APAC
A Taiwanese hospital's commitment to healthcare AI
Dennis Chornenky of UC Davis Health on chief AI officers
Chief AI Officer: Healthcare's hot new role demands a rare combination of skill sets
Doctor looks at a desktop computer screen in a medical office
Vendor AI Roundup: Enhanced EHR offerings designed to give practices a leg up
Dennis Chornenky at UC Davis Health_PART 1_AI in healthcare concept art Photo by Just_Super/E+/Getty Images
UC Davis Health's inaugural AI chief discusses the responsibilities of the role
Greg Garcia of HSCC at the HIMSS Healthcare Cybersecurity Forum
Work like 'a beehive, an ant colony' to protect against cyber intruders
Hands use a Medtronic device on a patient's hand to aid in testing pulse oximetry quality
Medtronic dismissed from pulse oximeter lawsuit, FDA still working on guidance