The Department of Health and Human Services Office of Inspector General, or OIG, has issued a report calling on the National Institutes of Health to strengthen the cybersecurity of its All of Us Research Program to protect participants’ personal health data from cyber and national security threats.
Join top government and industry experts at the Potomac Officers Club’s 2025 Healthcare Summit on Feb. 12 (rescheduled due to the shutdown) to explore the latest in healthcare technology, citizen user experience and innovative solutions transforming federal healthcare. Secure your spot today for this premier GovCon networking event!
In an audit report posted Friday, OIG said the All of Us Research Program aims to improve disease prevention and treatment by providing researchers access to personal health information from over 1 million volunteer participants.
An NIH award recipient oversees the Data and Research Center, or DRC, which stores the participant data.
The OIG audit found that although the DRC award recipient implemented some cybersecurity controls, NIH did not ensure that authorized users’ access to program data was limited as required by program policies.
What Are OIG’s Recommendations for NIH to Improve Cybersecurity?
OIG issued five recommendations for NIH to improve its oversight of the program’s DRC. One of the recommendations is requiring the DRC awardee to implement controls that prevent users from accessing the system from outside the U.S. without verified approval.
According to the report, NIH should ensure the DRC prevents the downloading of detailed participant data in accordance with the program’s data use policies.
Other recommendations in the report are that NIH formally communicate national security concerns about maintaining genomic data to All of Us award recipients; require the DRC awardee to reassess the security categorization for the DRC and DRC-RW information systems in light of national security concerns; and update the remediation timeframe in its system security plans to meet the deadlines in its award agreement with NIH.
Related Articles
President Donald Trump has nominated Maj. Gen. John Rafferty Jr., chief of staff of U.S. European Command, to serve as the next commanding general of U.S. Army Space and Missile Defense Command, or USASMDC, and U.S. Army Forces Strategic Command at Redstone Arsenal in Alabama. Explore the service’s modernization and strategic priorities at the Potomac Officers Club’s 2026 Army Summit on June 18. Hear from top officials and engage in high-value GovCon networking at this must-attend event. Reserve your seat today! In a general officer announcement published Monday, Defense Secretary Pete Hegseth, a 2025 Wash100 awardeee, announced that Rafferty is also
W. Jordan Gillis has been sworn in as the assistant secretary of the Army for installations, energy and environment. He will oversee all Army installations and facilities worldwide and guide policies related to installations, energy management, environment and safety, the service said Monday. Learn about initiatives transforming the Army directly from defense leaders and industry experts at the Potomac Officers Club’s 2026 Army Summit on June 18. The 11th annual edition of the Army Summit will provide insights into how the industrial base can meet the service’s modernization needs through keynote speeches and panel discussions. Secure your spot for the
NASA and its international partners launched the Sentinel-6B satellite aboard a SpaceX Falcon 9 rocket from Vandenberg Space Force Base on Nov. 16. The agency said Monday the satellite, now in low Earth orbit, will collect ocean and atmospheric data to support hurricane forecasting, coastal infrastructure protection, climate monitoring and maritime operations. What Is the Sentinel-6B Satellite? Sentinel-6B is a satellite designed to measure sea surface height, wind speed, wave height and atmospheric conditions. These observations will enhance flood prediction models and aid in identifying ocean temperature patterns that influence storm development and shipping safety. The data will be leveraged to