Senators Probe the 1 Million+ Record Data Breach at the United Network for Organ Sharing

Senators Ron Wyden (D-OR) and Chuck Grassley (R-IA) sent a letter to the United Network for Organ Sharing (UNOS), which manages the Organ Procurement and Transplantation Network (OPTN), requiring responses regarding a recently discovered data breach and criticizing UNOS for its evident failure to manage the OPTN.

In January 2022, the Senators wrote to UNOS to communicate their worries regarding OPTN systems, which desperately need modernization to safeguard them from cyberattacks. Matching donors with patients needing transplants is a critical process, and any breakdown in the system, caused by a ransomware attack, for instance, could lead to the loss of numerous lives.

In February 2022, the Senators expressed their concerns to the White House Chief Information Officer regarding the technology being used and the cybersecurity options to safeguard the OPTN from cyberattacks. In September 2022, the HHS Office of Inspector General (OIG) shared a report that required the Health Resources and Services Administration (HRSA) to enhance its monitoring of the cybersecurity of the OPTN. The OPTN had been questioned for using obsolete IT systems and for having insufficient technical functionality to update the systems, make them secure, and ensure they are working perfectly.

On March 20, 2023, the Senators sent UNOS a letter regarding a breakdown of the DonorNet network on February 15, 2023, which endangered patients. UNOS was questioned for failing to run the technology necessary for the OPTN. A couple of days later, the Senators sent UNOS another letter concerning a recently identified data security breach.

In November 2023, UNOS performed two software tests and found that a software settings mistake had compromised the sensitive information of 1.5 million organ transplant individuals and DonorNet system users. End users of the system could access personal records on a case-by-case basis; however, the error enabled access to all files on the OPTN and DonorNet systems, which include information like names, birth dates, Social Security numbers, and processes. In the most recent letter, the Senators required answers concerning the data breach and indicated their concerns about the protection of UNOS’s vital technology and its obvious inability to properly manage the OPTN.

In particular, the Senators would like to understand how the data breach was discovered; the main cause of the HIPAA violation and any applicable investigations and assessments; the number of individuals impacted; whether unauthorized persons viewed patient files; and the number of persons that accessed patient information they were not permitted to see. They have additionally asked for details about breach response protocols at UNOS, which include the response to the most recent incident, whether patients were informed, and the steps undertaken to stop more breaches and cyberattacks. UNOS has until April 10, 2024, to give the answers.

Sens. Grassley and Wyden are pressing for changes to enhance the management of the OPTN. In April 2023, they recommended new legislation, the Securing the U.S. Organ Procurement and Transplantation Network Act, to enhance the administration of the OPTN, which for the last 40 years has been exclusively managed by UNOS. The legislation was approved by President Biden in September 2023; it ends the agreement for the administration of the OPTN and encourages involvement from qualified and transparent companies. The purpose of the law is to enhance visibility and deal with the many problems that have affected the OPTN in the last 40 years. It is expected that the breakup of the monopoly will increase the market and save many lives.

Daniel Lopez
