Fighting back against the hack, Obama announces cyberattack sanctions

President Obama announced sanctions to allow the U.S. government to respond to cyberattacks, particularly when those attacks originate abroad. The President’s Executive Order announces a national emergency regarding the growing threat of hackers and cyberattacks to U.S. national security, foreign policy, and economic welfare. Specifically, the Executive Order authorizes the Secretary of the Treasury, the Attorney General, and the Secretary of State to impose sanctions on individuals or entities that engage in malicious cyber activity that are likely to or have contributed to a threat to U.S. security or financial stability.

The threat

In a statement on the need for the Executive Order, President Obama said that “cyber threats pose one of the most serious economic and national security challenges to the United States.” The risk posed by cyberattacks to the health care industry has grown increasingly evident. Due to the wealth of information held by providers and manufacturers in the health care industry, cyberattacks are a particularly ominous threat for those entities (see ‘Gold behind weak fences,’ health care data and cyber attack vulnerability, Health Law Daily, March 6, 2015).

Damage already

The impact of successful hackers has been seen both in 2014 and already in 2015. For example, on February 4, 2015, Anthem, Inc., the second largest health insurance company in the U.S. was compromised by hackers. The hackers were estimated to have accessed the personal information of nearly 80 million customers (see Anthem victim to possibly largest ever health care data breach, Health Law Daily, February 5, 2015). Similarly, in August 2014, hackers breached a Tennessee hospital system’s electronic data program and compromised the personal information of approximately 4.5 million patients. The breach gained some additional notoriety because the group identified as responsible for the hack previously had devoted its efforts to valuable intellectual property rather than electronic health records (EHRs) (see Unlikely hackers target personal info of 4.5M Tennessee hospital patients, Health Law Daily, August 19, 2014).

Sanctions

The Executive Order operates by enabling the U.S. government to freeze assets of malicious cyber attackers. Additionally, the sanctions will make it more difficult for hackers to do business with U.S. entities through limitations on hackers’ unrestricted immigrant and non-immigrant entry to the U.S. According to the White House, the Executive Order is drafted to protect against the most significant malicious cyber actors that the country faces. Additionally, the White House cautions that “law-abiding companies have absolutely nothing to worry about” stating: “we will never use it to try to silence free expression online or curb Internet freedom.”