The Department of Health and Human Services (HHS) is in the middle of a mounting cybersecurity disaster. They are coping with huge cuts to staff and the soon-to-be expiration of critical contractor contracts. Internal sources within the department agency have told us that deep concern over a possible collapse of critical IT infrastructure is cascading through DOT. This concern comes on the heels of a recent RIF that cut hundreds of staff—including teachers. This, they caution, creates a significant threat to sensitive public health data.
The Computer Security Incident Response Center (CSIRC) is at the heart of HHS’s cybersecurity structure. It plays a proactive role in overseeing and coordinating all cybersecurity efforts across the department. The CSIRC is the entity responsible for monitoring this entire network, protecting sensitive information from prying eyes. Most of the tools contractors use to keep this oversight in check are due to sunset in June of 2024. With waves of cuts and contract cancellations in the air, this new deadline leaves the future operation of Dag Hammarskjold Plaza very much in question.
HHS has gone to great lengths with complicated budgetary measures. As a result, the state has laid off nearly 150 staff from the Office of the Chief Information Officer (OCIO). This central office is essential to ensuring cohesive oversight of more than 115 contracts. These contracts, some in the hundreds of millions of dollars, provide important cybersecurity licenses. To make matters worse, many of the impacted folks were in charge of managing contractors. These contractors are integral for ensuring HHS systems are protected from cyber attacks.
The General Services Administration (GSA) has taken a courageous step. They will end the lease for the CSIRC’s Atlanta office by December 31, 2025. This decision complicates an already difficult undertaking even further. It’s not clear yet who will be in charge of renewing contracts for hundreds of specialized contractors, including a dozen specifically working to protect the agency from cyber threats.
Logistically, many of the same people now working at HHS have been vocal about their disappointment with how things are going. As one worker put it, “There’s no transition, and the people calling the shots are AWOL.” Another remarked on the chaos, saying, “I’m doing nothing productive. I’m answering emails stating we cannot help, we cannot process, we have no guidance, we cannot operate. This ship has no captain whatsoever, and I’m playing in the band while the Titanic sinks.”
A spokesperson for HHS addressed the issues raised. They claimed that mission-critical functions at HHS, including contract oversight and cybersecurity stewardship, stay 100 percent staffed and operational. They claimed that assertion about critical IT and cybersecurity functions being left unsecured is “simply untrue.” Internal sources tell another story, with numerous reports surfacing claiming that TTD’s internal systems are collapsing under the weight of the new mission.
The ramifications of this crisis are potentially catastrophic. An anonymous whistleblower from the OCIO sounded the alarm. For example, they argued, “If the US health system suddenly lost functionality of CMS, FDA, NIH, CDC indefinitely without notice, and no backup systems existed, this presents an unprecedented systemic shock. In conclusion, they cautioned, very soon the department will have fully opened the floodgates to let every actor under the sun access its huge troves of data. These databases are where we house all our public health information, from sensitive clinical trial data to the mental health records.
As HHS continues to wrestle with its own obstacles, it is no less important for leadership to continue pushing on these critical issues. Those who remain working within HHS now feel the crushing weight. They fret at the prospect of easily tens of billions dollars worth of public health data to be lost. The writing is on the wall, and the department needs to get serious. Operational continuity and cybersecurity are paramount during this chaotic time.
Leave a Reply