The Government Accountability Office (GAO) has published a report assessing the organizational approach to cybersecurity at the U.S. Department of Health and Human Services (HHS).
The study was conducted because the HHS and the healthcare and public health sector depend heavily on information systems to carry out their work, such as providing healthcare services and responding to nationwide health emergencies. An interruption of any of these data systems could have serious effects for the HHS and healthcare industry institutions and could be disastrous for people in the U.S.A. who count on their assistance.
A cyberattack that disrupts the IT systems used in hospitals, pharmacies, and doctors’ clinics would affect the receipt and delivery of life-saving drugs and other items required by patients and medical establishments.
The HHS needs to employ security measures to protect its computer systems from hackers trying to obtain sensitive information to commit fraud and identity theft, carry out attacks to disrupt operations, or gain access to networks to launch attacks on other computer networks. During the pandemic, many threat actors and APT groups have attacked the healthcare sector, and the GAO notes that the FBI and CISA have released a number of warnings within the last 12 months concerning cyber threats mainly targeting medical and public health entities.
The GAO states that the HHS has clearly defined roles and responsibilities, which is crucial for successful collaboration; even so, there were several areas where improvements could be made, largely with regard to collaboration with its partners.
The HHS working groups were evaluated on the extent to which they demonstrated Leading Practices for Collaboration. All seven of the HHS working groups met the leading practices to bridge organizational cultures, recognize leadership, involve suitable contributors in the group, and identify assets. Six working groups met the leading practices to clarify tasks and duties and to document and consistently update written policies and agreements, and five groups met the leading practice to define and keep track of results and responsibility.
The GAO made seven recommendations on how the HHS could improve collaboration and coordination within the HHS and with the healthcare industry:
The HHS Secretary should direct the CIO to coordinate cybersecurity threat information sharing between the Healthcare Threat Operations Center (HTOC) and the Health Sector Cybersecurity Coordination Center (HC3).
The HHS Secretary should direct the CIO to monitor, evaluate, and report on the progress and efficiency of the HHS Chief Information Security Officer Council, Cloud Security Working Group, and Continuous Monitoring and Risk Scoring Working Group.
The HHS Secretary should direct the Assistant Secretary for Preparedness and Response to monitor, evaluate, and document the progress and effectiveness of the HHS Cybersecurity Working Group and the Government Coordinating Council’s Cybersecurity Working Group.
The HHS Secretary should direct the CIO to regularly monitor and update the written agreements describing how the HHS Chief Information Security Officer Council, Cloud Security Working Group, and Continuous Monitoring and Risk Scoring Working Group will facilitate collaboration, and to make sure that authorizing officials review and approve the current agreements.
The HHS Secretary should direct the Assistant Secretary for Preparedness and Response to make certain that authorizing officials review and approve the charter explaining how the HHS Cybersecurity Working Group will facilitate collaboration.
The HHS Secretary should direct the Assistant Secretary for Preparedness and Response to complete written agreements that describe how the Government Coordinating Council’s Cybersecurity Working Group will collaborate; identify the roles and responsibilities of the working group; monitor and update the written agreements regularly; and make sure that the authorizing officials leading the working group approve the completed agreements.
The HHS Secretary should direct the Assistant Secretary for Preparedness and Response to maintain an up-to-date charter for the Joint Healthcare and Public Health Cybersecurity Working Group for the present fiscal year and make certain that the authorizing officials in charge of the working group review and approve the latest charter.
The HHS concurred with six of the recommendations and disagreed with one. The HHS is now working to address the six recommendations it agreed with. The HHS did not agree with the recommendation to coordinate cybersecurity information sharing between HTOC and HC3.