GAO Says HHS Should Implement Healthcare Cyber Recommendations

The Department of Health and Human Services continues to face challenges in exercising its cybersecurity responsibilities, according to a new report by the Government Accountability Office. GAO said Wednesday that although it had already highlighted those challenges in previous work, HHS has yet to implement all of the recommendations to address them. HHS is the healthcare and public health sector lead agency, and in this role, it is tasked with bolstering the sector’s cybersecurity.

Adopting Cybersecurity Practices

One of the challenges faced by HHS involves the adoption of leading cybersecurity practices to overcome various risks, including ransomware. GAO had previously determined that HHS does not adequately monitor the implementation of various cyber risk mitigation practices, including those outlined in the National Institute of Standards and Technology Cybersecurity Framework. A related challenge is HHS’ failure to evaluate the cybersecurity support it provides to the healthcare sector.



To address these issues, GAO recommends that HHS work with various partners, including the Cybersecurity and Infrastructure Security Agency, to establish the extent to which cyber best practices are being implemented by entities within the health sector. HHS should also work to develop a procedure that would measure the effectiveness of the support it offers to the sector.

Assessing IoT and OT Devices

GAO also learned that HHS had not conducted a sector-wide cybersecurity risk assessment of Internet of Things and operational technology devices, which are used to deliver various health care services.

To correct the issue, HHS has been called on to include IoT and OT devices in risk assessments. According to GAO, unless HHS fully implements these and other recommendations, the agency might not only fail to effectively carry out its responsibilities, it may also bring about negative effects on patients as well as healthcare providers.