Report: HHS Continues to Have Challenges with Cybersecurity in Healthcare
On November 13, the U.S. Government Accountability Office (GAO) released a report on the cybersecurity challenges facing the U.S. Department of Health and Human Services (HHS). GAO urged HHS to implement GAO's prior recommendations to address the challenges.
“As the lead federal agency for the healthcare and public health sector, HHS is responsible for strengthening cybersecurity in the sector,” the report stated. “These responsibilities include coordinating with the Cybersecurity and Infrastructure Security Agency (CISA), the national coordinator for critical infrastructure security and resilience.”
“HHS has several initiatives intended to mitigate ransomware risks for healthcare and public health,” GAO underscored. The report claimed that the department had not adequately monitored the sector’s implementation of ransomware mitigation practices.
“Our prior work has highlighted HHS’ challenges in carrying out its lead responsibilities for sector cybersecurity,” GAO noted. “The department has not yet implemented all our recommendations to address these challenges.”
GAO recommended that HHS investigate the healthcare sector’s adoption of cybersecurity practices. Additionally, risk assessments for medical devices are needed.
“Until HHS implements our prior recommendations related to improving cybersecurity, the department risks not being able to effectively carry out its lead agency responsibilities, resulting in potential adverse impact on healthcare providers and patient care,” GAO stated.