HHS to face audit of its own cybersecurity, incident response capabilities
The U.S. Department of Health and Human Services’ Office of Inspector General plans to look into the state of HHS cybersecurity, to determine whether it “has sufficiently implemented incident response capabilities.”
OIG updated its work plan to include the audit of the agency.
“Increased threats to critical cyber-based infrastructure systems have created a need for government agencies to increase their computer security efforts,” officials said in a statement.
The threat landscape requires “skilled and rapid response to reduce their likelihood and to reduce or mitigate loss or destruction of data, loss of funds, loss of productivity and damage to the agency's reputation,” officials said.
OIG will release the results of its audit in 2018. When the agency released the work plan in the fall of 2017, OIG left it open to add further investigations during the year. For its investigations into health IT concerns, officials focus on how electronic health records are protected, cloud services and rising drug prices.
Cybersecurity improvements have been top of mind for federal agencies following the WannaCry and Petya attacks that struck over the summer. WannaCry shut down major portions of the U.K. National Health Service, while Petya destroyed data and operations around the globe, including a Pennsylvania health system and Nuance, a voice and language tool provider.
Security researchers have continually warned that these types of attacks will be the norm on the threat landscape. Further, continued vulnerabilities in the healthcare sector have increased the chance that the next attack could have far worse consequences.