Trump’s proposed budget adds an additional $22 million to Health and Human Services cyber initiatives.
Enhancing the cybersecurity of the Health and Human Service Department will be a top challenge in the coming year, according to a report to Congress released this week.
The amount and complexity of HHS data makes it difficult for the department to adequately protect that data from hackers and from improper access by employees and contractors, the semiannual report from HHS’ inspector general states.
Improper access to the data could damage the privacy of Americans’ health information among other outcomes, according to the report.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
The department is conducting penetration testing of HHS networks and applications to determine whether security safeguards are strong enough, the report states. The tests also aim to determine how sophisticated an attacker would have to be to gain access to data and how likely the department is to spot the penetration.
The report comes as a House Energy and Commerce Committee panel is preparing for a hearing Thursday on HHS cybersecurity efforts. The panel has not yet released a witness list for that hearing.
President Donald Trump’s proposed 2018 fiscal year budget, released last week, committed an additional $22 million over the fiscal 2017 appropriated figure to boost HHS cybersecurity efforts. The budget cited the importance of protecting proprietary company information held by the Food and Drug Administration and health records held by the Centers for Medicare and Medicaid Services as major priorities.
Total cyber funding in the budget is $72 million for the year.
Some of that money will also go to an information sharing center HHS is preparing to launch to share cyber threat indicators with hospitals and other health care providers, budget documents state.
U.S. hospitals have been frequent targets of ransomware attacks and numerous hospitals in Britain were victims of the recent WannaCry ransomware campaign.