Cybersecurity Activities Awareness Highlighted in New HHS OIG Web Page

by | Oct 10, 2018

The Department of Health and Human Services’ Office of Inspector General (HHS OIG) is highlighting awareness of the measures it implements to address cyberthreats within the HHS and the healthcare sector as a whole and is implementing measure to raise transparency of its cybersecurity tactics.

Included in these steps is the introduction of a new web page, which outlines the activities that HHS OIG is engaged in to enhance cybersecurity. The new cybersecurity-focused web portal will be constantly updated to list details of the latest cybersecurity activities that have positively affected HHS programs and have helped reinforce the cybersecurity defenses, including reports of its audits, evaluations, and inspections of its offices and agencies that HHS OIG manages.

On the newly-introduced web page, HHS OIG explains that it currently uses a three-pronged method to secure data and the systems on which those data are kept. These are 1. IT security controls 2. Risk management and 3. Resiliency.

IT security controls are technological and procedural controls that safeguard against weaknesses to the confidentiality, integrity, and availability of data and systems. Risk management is proactively searching for and finding risks and threats and taking action to minimize those risks to a reasonable and acceptable level. Resiliency is the development of strategies and procedures for incident response that will ensure data can be recovered swiftly following a cyberattack.

HHS OIG revealed that it has formed multidisciplinary cybersecurity team that implements those three principles in the various offices within the HHS and agencies that it manages. The team includes auditors, investigators, evaluators, attorneys and other industry stakeholders who concentrate on fostering improvements in IT security controls, risk management and resiliency to cyberattacks.

Independent IT and cybersecurity reviews of HHS programs, grantees, and contractors are completed by the OIG Office of Audit Services, Cybersecurity and Information Technology Audit Division. The audits find risks and threats to data to permit action to be taken to stop cyberattacks.

Broad evaluations of HHS cybersecurity-related programs are completed by the Office of Evaluation and Inspections, expert legal support for OIG cybersecurity work is supplied by the HHS OIG Office of Counsel, and criminal investigations into incidents and claims that impact HHS programs are carried out by the HHS OIG Office of Investigations, Computer Crimes Unit, in particular, violations of the Computer Fraud and Abuse Act.

Reports of HHS OIG operations have already been added to the web page dating back to 2016 and, at launch, there are four reports of cybersecurity-related activities from 2018:

  1. A review of Medicare contractor information security program evaluations
  2. A review of HHS compliance with FISMA
  3. A report on an audit of the CMS enrollment system
  4. A report on a study of the FDA’s review of cybersecurity in premarket submissions for networked medical devices.

HHS OIG summarizes the actions it is implementing to address cybersecurity within HHS and the healthcare sector in this video:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy