Layoffs at the HHS could compromise oversight of medical device cybersecurity, Democrats and witnesses said at a House hearing on Tuesday.
The hearing, which was scheduled to analyze cybersecurity threats in medical devices, comes as the HHS is in the middle of a major workforce reduction. The department plans to cut 10,000 employees in the latest round of layoffs, in addition to 10,000 workers who have already exited the HHS since President Donald Trump took office early this year.
The Trump administration argues the layoffs at HHS — alongside a reorganization that consolidates some of the department’s divisions — will increase government efficiency and save taxpayers $1.8 billion each year.
The Food and Drug Administration, which regulates medical devices, will bear the brunt of the layoffs, with 3,500 jobs on the chopping block, the HHS announced last week.
“We know cybersecurity in healthcare is a problem that needs to be addressed, but nothing will improve if thousands of federal employees who work to solve health challenges everyday are laid off,” Rep. Frank Pallone, D-N.J., said during the House Energy and Commerce subcommittee hearing.
The healthcare sector has already become a large target for cyberattacks, which can have life or death consequences at hospitals and potentially expose a huge amount of sensitive patient data.
Providers frequently use legacy medical devices, or older devices that don’t include modern cybersecurity safeguards, that risk opening vulnerabilities in their cyber defenses. Meanwhile, replacing or updating expensive devices is often a challenge for cash-strapped facilities, experts said during the hearing.
The reduction in force at the FDA could worsen security and patient safety, witnesses said.
Kevin Fu, who served as acting director of medical device security at the FDA’s Center for Devices and Radiological Health, said his team was already a “skeleton crew” during his tenure early in the Biden administration.
The situation has presumably not improved. CDRH likely already lost more than 200 workers during a round of firings in February, according to reporting by MedTech Dive. However, most of them were asked to return to their jobs not long after.
CDRH staff members were cut this week in the latest round of layoffs, though it’s unclear how many employees from the center lost their jobs.
Losing subject matter experts — who have specialized skillsets — could hinder the nation’s ability to respond to cybersecurity threats, said Fu, now a professor of electrical and computer engineering at Northeastern University in Boston.
“In my opinion, if two cybersecurity incidents were to occur simultaneously, at present staffing levels as of yesterday, it’s unlikely the FDA would be able to meet its congressionally mandated duties to ensure the availability of safe and effective medical devices,” he said.
Democrats also argued the Trump administration hasn’t been clear about which workers will be let go in the workforce reduction. Conducting hearings amid the layoffs feels like “fiddling while Rome is burning,” said Rep. Diana DeGette, D-Colo.
“All of us are for efficiency, all of us want to eliminate waste, fraud and abuse,” she said. “But when you just willy-nilly cut 3,500 employees, it is going to not only fundamentally affect your ability to regulate industries like medical devices, it’s also going to fundamentally undermine patient health and safety.”
One Republican, Rep. Rick Allen, R-Ga., pushed back, noting there are already agencies within the federal government, like the Cybersecurity and Infrastructure Security Agency, involved in cybersecurity, while hospitals and device manufacturers employ their own cyber experts.
“We need to figure this out and quit blaming each other,” he said. “I mean, the definition of insanity is doing the same thing over and over again and expecting a different result.”