On February 28th, President Biden signed an Executive Order (EO) aimed at protecting Americans’ sensitive personal data from “countries of concern.” The EO responds to the sale of sensitive personal data in the international commercial data market, which is composed of companies that collect, analyze and sell personal data. Individuals and businesses around the country are all at risk, making security measures and additional awareness of these attacks a necessity. We expect significant regulatory action — the EO directs the Department of Justice to issue regulations to protect Americans’ sensitive personal data (e.g., genomic, biometric, personal health and financial data), and calls on the departments of HHS, Defense, and Veterans Affairs to help ensure that federal grants, contracts and awards are not leveraged by bad actors. The President has also urged Congress to pass bipartisan privacy legislation.

The EO targets a wide range of data, including health records, personal finance information, geolocation, and biometric identifiers. The move comes after heightened concerns about the practices of commercial data brokers that track personal data from visitors and customers of certain web pages. These companies collect and sell individuals’ sensitive information to foreign adversaries, which puts the security of Americans at risk. In a fact sheet, the White House stated the following:

“Bad actors can use this data to track Americans, including military service members, pry into their personal lives, and pass that data on to other data brokers and foreign intelligence services. This data can enable intrusive surveillance, scams, blackmail, and other violations of privacy.”

Given the continued threat of cyberattacks targeting health care systems, the EO seeks to allocate resources towards bolstering cybersecurity defenses. This could involve partnerships with the private sector, investments in advanced threat detection technologies, and coordination with intelligence agencies to identify and mitigate threats from foreign actors. Just a few weeks ago, UnitedHealthcare, one of the country’s largest health technology providers, experienced a massive cyberattack that impacted administrative functions for hospitals, physicians, pharmacies and patients. Change Healthcare, which is a subsidiary of UnitedHealth Group, processes roughly 15 billion transactions annually. Since the attack, health care facilities have been unable to bill customers for certain services provided and have had difficulties receiving payments from insurers, and prescription backlogs at pharmacies have been widespread. The American Hospital Association has since requested immediate federal support to address pending security threats.

AHPA extends our gratitude to Kevin Lopez, guest author of this article.
Kevin is a graduate student in the Master of Healthcare Administration program at Loma Linda University.