Every American's electronic health records were potentially leaked through cyber security breaches during the Biden presidency, and Wisconsin’s former Health Services (DHS) secretary-designee Andrea Palm has apparently been left holding the bag.
During the last four years, over 470 million individuals in the US have been impacted by cyber security breaches in the healthcare industry. (Obviously, many of those individuals are duplicates, who were impacted by more than one data breech). This figure matches what other organizations have reported through 2023 and also includes the most recent data from HHS for 2024. For comparison, during the first Trump presidency, there were 100.8 million individuals impacted.
Despite this alarming trend, HHS doesn’t seem to take the problem of electronic health information breaches very seriously. The responsibility is relegated to the Office of Civil Rights (OCR), where it receives minimal funding. HHS has no strategic goals nor objectives tied to decreasing the number of breaches.
HHS’ leadership team did not start publicly addressing the problem until 2022, after which things got much, much worse. That’s when it began holding roundtables with the Cybersecurity and Infrastructure Agency (CISA). Deputy Secretary Andrea Palm participated on behalf of HHS.
Before President Biden appointed Palm to be his HHS deputy secretary, Palm served for two years in Wisconsin as the DHS secretary-designee. Her appointment was never confirmed, and with good reason. Perennially unprepared, Palm never seemed able to answer even the most basic questions about her agency without a staff member whispering the information in her ear. During the covid crisis, she made absurdly apocalyptic predictions based on highly flawed data and advised the governor to violate the state constitution on multiple occasions. She was a perfect addition to the Biden administration in 2021.
The work between CISA and HHS progressed at a predictably slow pace with no sense of urgency despite the severity of the crisis. Already during the first two years of the Biden Administration, over 115 million Americans’ healthcare data had been compromised, which was more than had occurred during the entire first Trump presidency.
“HHS is working closely with CISA and our industry partners to deliver the tools, resources, and guidance needed to help healthcare organizations, especially our under-resourced hospitals and health centers, mount a strong cyber defense and protect patient lives,” is how Palm described the effort.
Over the next year, another 168 million Americans’ health records were exposed to cyber breaches, the most ever at the time. CISA’s response was to launch a new website in October 2023 to help healthcare providers stay on top of the latest cyber security information. HHS followed with its own website three months later called the “HHS Cyber Gateway," along with some more general guidelines.
“We have a responsibility to help our health care system weather cyber threats, adapt to the evolving threat landscape, and build a more resilient sector,” Palm said during the launch last January.
Since then, another 184 million Americans’ healthcare records have been exposed, currently the most ever. Now, Palm is in the news again over these breaches. With only weeks left in office, she’s announcing an administrative rule that directs healthcare organizations to overhaul their health information security practices.
“This proposed rule is a vital step to ensuring that health care providers, patients, and communities are not only better prepared to face a cyberattack, but are also more secure and resilient,” Palm said.
That proposed rule isn’t just underwhelming, it’s also meaningless. The Biden Administration ends in just a couple of weeks, and all of its rules in the approval process are essentially dead-on-arrival. It’s a fitting testament to Biden’s HHS refusing to take this problem seriously that negatively impacted practically every single American during his term.
Interested in the content of this Article?
Reach out to the MacIver Institute to aquire more information