"OIG: HHS Must Modernize Its Approach to Cybersecurity"

The Office of Inspector General (OIG) urged the US Department of Health and Human Services (HHS) to improve data governance, secure HHS systems, and modernize its approach to cybersecurity across the department in the 2022 edition of its annual report on HHS's top management and performance challenges. According to the report, persistent and growing cybersecurity threats heighten HHS's challenges with data and technologies used to carry out essential HHS missions. If not mitigated, these threats can jeopardize critical HHS program operations and potentially endanger the health and welfare of individuals served by HHS. The report highlighted many challenges that HHS faces in carrying out its mission of improving the health and well-being of all Americans while combating daily cyber threats. OIG stated that HHS constantly improves how it collects, manages, shares, and secures data. For example, the department is currently finalizing its HHS Data Strategy, which should assist the department in addressing data sharing, privacy, governance, and security issues. The report noted that challenges HHS must overcome include the persistent impact of data silos and legacy technology that do not easily support modern data governance and standardization, as well as inconsistencies in how HHS leverages and manages data across its programs. Eliminating or reducing data silos within HHS programs, ensuring the development of standardized data sets, and increasing appropriate access across programs are all critical to improving program management, evidence-based decision-making, and capitalizing on new technologies. In addition to improving data governance and standardization, OIG emphasized the importance of removing barriers to public health data access and encouraging data sharing among providers, patients, and payers. Furthermore, OIG emphasized the significance of improving HHS's own security posture, as underscored by President Biden's executive order on improving the federal government's security practices in May 2021. The HHS Office of Information Security is currently finalizing its Strategic Plan in support of the executive order, which calls for significant organizational changes. Because program needs and timeliness compete with cybersecurity controls and capabilities, the OIG described the challenge of securing HHS data as multifaceted and complex. This article continues to discuss OIG's report on harnessing and protecting data and technology to improve the health and well-being of individuals. 

HealthITSecurity reports "OIG: HHS Must Modernize Its Approach to Cybersecurity"