U.S. Senate Committee on Health, Education, Labor, and Pensions

10/28/2025 | Press release | Distributed by Public on 10/28/2025 07:38

Chair Cassidy Continues Committee Investigation into Cybersecurity Incidents

WASHINGTON - U.S. Senator Bill Cassidy, M.D. (R-LA), chair of the Senate Health, Education, Labor, and Pensions (HELP) Committee, announced an expansion of his investigation into repeated cybersecurity threats to the American economy. Specifically, he raised concerns about a recent breach affecting F5, one of the largest application security companies in the world. This comes after the Cybersecurity and Infrastructure Security Agency (CISA) issued a second emergency directive in under a month to federal agencies, directing them to review deployment of F5 products for any security vulnerabilities.

"The second potential breach of a critical network tool connecting public and private entities to essential tools highlights the significant threat of cybersecurity attacks, particularly from hostile actors, such as China, Russia, and Iran," wrote Dr. Cassidy. "As cyber incidents continue to increase, it is essential that the public and private sectors take steps to safeguard the information of millions of patients, students, and employees across America."

Earlier this month, Cassidy requested information from Cisco, the largest network infrastructure company in the world, after CISA issued a similar emergency directive to federal agencies to disconnect from certain Cisco devices.

Read the full letter here or below:

Dear Mr. Locoh-Donou,

Cybersecurity incidents pose a substantial safety and financial threat to the American economy and the consumer. In 2024, organizations around the world faced an average of 1,876 cyber attacks per week, a record high. Despite these growing threats, 35% of smaller organizations believe their cybersecurity infrastructure is not sufficient. The Senate Committee on Health, Education, Labor, and Pensions (HELP) is conducting an investigation of these challenges and an assessment of initiatives underway to respond.

As cyber incidents continue to increase, it is essential that the public and private sectors take steps to safeguard the information of millions of patients, students, and employees across America. These efforts also are critical to protect our national security interests.

The emergency directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) on October 15, the second directive in under a month, directed federal agencies to review the security of F5 hardware and software and identify any potential security vulnerabilities. This was in response to, "A nation-state affiliated cyber threat actor [that] has compromised F5's systems and exfiltrated files." Recent reports indicate that threat actors gained unauthorized access to F5's systems as early as 2023. The second potential breach of a critical network tool connecting public and private entities to essential tools highlights the significant threat of cybersecurity attacks, particularly from hostile actors, such as China, Russia, and Iran. F5 is widely used by business, including by 85% of the Fortune 500 companies in the United States. F5 has publicly stated that, "A highly sophisticated nation-state threat actor maintained long-term, persistent access to, and downloaded files from, certain F5 systems." This significant breach raises questions about what customer data may have been exfiltrated, but also how to ensure F5 customers can reconnect to F5 systems.

As F5 works with the federal government to patch any cybersecurity vulnerabilities, it must work with customers to ensure their systems are protected as well. To that end, I request answers to the following questions by November 12, 2025:

  1. Has F5 identified any specific threats to individual customers? If so, how is it communicating next steps or security patches?

    1. F5 has stated that, "We have not seen any new unauthorized activity, and we believe our containment efforts have been successful." At what point did F5 detect unauthorized activity on its systems and what immediate steps did it take to mitigate this breach?

    2. How is F5 monitoring to ensure additional data from either F5's systems or customer information was not exfiltrated?

  2. How is F5 proactively communicating with customers as F5 identifies more about the potential threat?

  3. How is F5 working with customers to ensure that they can safely reconnect to F5's systems?

  4. Is F5 currently recommending that individual customers follow CISA's October 15 emergency directive, including hardening and updating F5's BIG-IP hardware and software products? If so, how is F5 working with customers to successfully apply these updates?

  5. How is F5 engaging with specific federal agencies, including the Departments of Education, Labor, and Health and Human Services to provide sector-specific services or assistance to impacted entities?

  6. Estimates are that 45% of companies in the United States do not employ a Chief Information Security Officer (CISO). How is F5 working to communicate with individual customers, specifically health care providers, schools, and small businesses, to ensure they have current information about ways to address any cybersecurity vulnerabilities?

Sincerely,

U.S. Senate Committee on Health, Education, Labor, and Pensions published this content on October 28, 2025, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on October 28, 2025 at 13:38 UTC.