A multidisciplinary SEO cybersecurity team has been formed by HHS OIG. It is comprised of investigators, attorneys, evaluators, and auditors from various agencies in the HHS to protect data and departmental systems and adopt best practices for cybersecurity among stakeholders and partners.
The representatives from this team include the following HHS agencies:
- The Office of Audit Services, Cybersecurity, and Information Technology Audit Division (carries out IT and cybersecurity audits of HHS grantees, contractors, and programs)
- The Office of Evaluation and Inspections (carries out extensive evaluations of HHS cybersecurity programs)
- Office of Investigations, Computer Crimes Unit (conducts criminal investigations into incidents and allegations that affect programs and operations of the HHS)
- Office of Counsel (provides legal support for cybersecurity work related to the HHS OIG)
HHS OIG explains that the new SEO cybersecurity team will impact the cybersecurity culture in a positive way for HHS by detecting and making recommendations to address cybersecurity threats and vulnerabilities.
A three-pronged approach is being taken by the team to help protect HHS data and systems including risk management, IT controls, and resiliency along with the ability to recover from a disaster or a cyber- attack and incident response procedures.
Protecting systems, beneficiaries, and HHS data from cybersecurity threats will be the team’s main focus.
Breaches and cybersecurity threats pose significant risks to the availability, integrity, and confidentiality of complex data, which could cause lots of problems including threatening the fundamentals of our infrastructure and the ability for HHS to offer crucial services and programs which place the safety and health of the patients at risk.
Healthcare data is of great value to cybercriminals. Electronic Health Records, for example, are worth 10 times more than just a credit card number. Individuals and organized groups act on behalf of foreign nations and criminal organizations who have very sophisticated resources and tools.
HHS plans to take steps that will not only protect HHS data and systems but adopt a culture of cybersecurity amid its stakeholders and partners.
It is important to protect the availability, integrity, and confidentiality of patients’ personal information.
HHS has also been advised by the OIG to create a best-practices culture for cybersecurity among its stakeholders and partners which can be done through contract and grant requirements, guidance, monetary incentives, and regulations.
No matter how it’s done, though, the HHS needs to decide how to support their stakeholders’ and partners’ efforts efficiently to improve cybersecurity while being aware of the wide range of diversity in the infrastructure and resources readily accessible to detect, respond, and prepare for cybersecurity concerns.