The Department of Health and Human Services continues to face challenges in exercising its cybersecurity responsibilities, according to a new report by the Government Accountability Office.
GAO said Wednesday that although it had already highlighted those challenges in previous work, HHS has yet to implement all of the recommendations to address them. HHS is the healthcare and public health sector lead agency, and in this role, it is tasked with bolstering the sector’s cybersecurity.
Adopting Cybersecurity Practices
One of the challenges faced by HHS involves the adoption of leading cybersecurity practices to overcome various risks, including ransomware. GAO had previously determined that HHS does not adequately monitor the implementation of various cyber risk mitigation practices, including those outlined in the National Institute of Standards and Technology Cybersecurity Framework. A related challenge is HHS’ failure to evaluate the cybersecurity support it provides to the healthcare sector.
To address these issues, GAO recommends that HHS work with various partners, including the Cybersecurity and Infrastructure Security Agency, to establish the extent to which cyber best practices are being implemented by entities within the health sector. HHS should also work to develop a procedure that would measure the effectiveness of the support it offers to the sector.
Assessing IoT and OT Devices
GAO also learned that HHS had not conducted a sector-wide cybersecurity risk assessment of Internet of Things and operational technology devices, which are used to deliver various health care services. To correct the issue, HHS has been called on to include IoT and OT devices in risk assessments.
According to GAO, unless HHS fully implements these and other recommendations, the agency might not only fail to effectively carry out its responsibilities, it may also bring about negative effects on patients as well as healthcare providers.
The Potomac Officers Club’s 2024 Healthcare Summit will explore the transformative trends and innovations shaping the future of the healthcare sector. Join the event, which will take place on Dec. 11.
