On November 13, the US Government Accountability Office (GAO) released a report on the cybersecurity challenges of the US Department of Health and Human Services (HHS). GAO urged HHS to implement its previous recommendations to address the challenges.
“As the lead federal agency for the healthcare and public health sector, HHS is responsible for strengthening cybersecurity in the sector,” the report states. “These responsibilities include coordination with the Cybersecurity and Infrastructure Security Agency (CISA), the national coordinator for critical infrastructure security and resilience.”
“HHS has several initiatives aimed at mitigating ransomware risks to healthcare and public health,” the GAO stressed. The report stated that the department had not adequately monitored the sector’s implementation of ransomware mitigation practices.
“Our past work has highlighted HHS’s challenges in carrying out its core responsibilities for industry cybersecurity,” GAO said. “The department has not yet implemented all of our recommendations to address these challenges.”
The GAO recommended that HHS investigate the healthcare sector’s adoption of cybersecurity practices. Additionally, risk assessments for medical devices are needed.
“Until HHS implements our previous recommendations related to improving cybersecurity, the department is at risk of being unable to effectively carry out its lead agency responsibilities, resulting in potential adverse impacts on care providers and patient care,” the GAO said.