The Department of Health and Human Services’ Office of Inspector General (HHS OIG) wants HHS and the healthcare industry to be more aware of its work to fight cyberthreats, and part of that effort is increasing the visibility of its cybersecurity activities.
One undertaking is a new website that HHS OIG developed to detail the activities it is working on to enhance cybersecurity. The cybersecurity-focused website will be updated on a regular basis with information on cybersecurity activities that have had a positive effect on HHS programs and have helped improve cybersecurity protection, including reports of its audits, assessments, and examinations of institutions and offices administered by HHS OIG.
On the new website, HHS OIG explains that it presently uses a three-pronged method to secure data and the networks where those records are located: resiliency, IT security controls and risk management.
IT security controls are the technological and procedural measures that protect the privacy, integrity, and availability of information and software programs against vulnerabilities. Risk management means proactively identifying risks and threats and taking action to reduce them to an acceptable and realistic level. Resiliency is the establishment of guidelines and procedures for responding to incidents so as to ensure speedy recovery from a cyberattack.
HHS OIG described the creation of a comprehensive cybersecurity workforce that applies those three principles across the diverse offices it oversees within HHS and organizations. The workforce includes auditors, evaluators, investigators, legal professionals and other industry stakeholders who are working to encourage innovations in resiliency to cyberattacks, IT security controls and risk management.
Third-party IT and cybersecurity audits of HHS services, contractors and grantees are conducted by the OIG Office of Audit Services, Cybersecurity and Information Technology Audit Division. The audits identify risks and threats to information so that steps can be taken to prevent cyberattacks.
The Office of Evaluation and Inspections performs comprehensive reviews of HHS cybersecurity-focused programs. Legal support for OIG cybersecurity work is provided by the HHS OIG Office of Counsel. Criminal investigations of incidents and allegations that affect HHS services, specifically violations of the Computer Fraud and Abuse Act, are conducted by the HHS OIG Office of Investigations, Computer Crimes Unit. Information on HHS OIG activities was published to the website starting from 2016. At launch, four reports of cybersecurity-focused activities from 2018 are posted:
- A review of Medicare contractor information security program evaluations
- A review of HHS compliance with FISMA
- A report on an audit of the CMS enrollment system
- A report on a study of the FDA’s review of cybersecurity in premarket submissions for networked medical devices