January 24, 2022

News

News Network

Confronting Heightened Cybersecurity Threats Amid COVID-19

16 min read

Did you know that Americans’ private health data is estimated to be worth up to 20 times the value of financial data on the Dark Web? This makes the Health and Public Health (HPH) Sector a primary target for cybercriminals. When an HPH Sector entity is affected by a cyber event, the public may lose its ability to engage with or receive health services, putting lives at risk. The COVID-19 pandemic has raised the stakes, increasing cyber risk in the HPH Sector in proportion the increased pace of activity amid widespread transition to remote work environments.

The HPH Sector has been significantly impacted due to both existing cybersecurity challenges and those brought on by COVID-19. Resource constraints paired with the complex architecture of both Information Technology (IT) and Operational Technology (OT) hindered HPH entities’ response and recovery efforts.

Cybersecurity is essential for effectively securing data needed to treat patients and maintain their access to critical health services. Patient safety and well-being are the top priorities when it comes to securing health infrastructure. Targeted attacks continue to plague the HPH Sector with the distribution of COVID-19 vaccines underway. Increasing cybersecurity awareness among HPH personnel and the general public can help alleviate the frequency and overall impact of incidents.

The Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) have been in close coordination since the onset of the pandemic. This coordination has led to key cybersecurity insights, which are reflected in the following infographics we have made accessible to the HPH Sector and general public:

COVID-19 Cyber Security Impacts Infographic

Government and the private sector must work together to confront cyber challenges and secure HPH data and infrastructure. CISA and HHS recommend HPH entities take the following steps:

HPH:

  • Implement regular network scanning and patching cycles.
  • Leverage email banners, user training, and other tools to reduce risk of phishing.
  • Develop and practice incident response plans in a remote environment, including data backup and recovery.
  • Modernize technologies where feasible—and segment those end-of-life technologies that cannot be modernized. IT modernization through removal of End of Life (EOL) systems and devices will help reduce the risk of introducing permanent vulnerabilities into networks.

Government:

  • Establish disaster response roles and responsibilities between federal agencies; continue work with private industry and sector partners; and continue meaningful collaboration between the Cybersecurity and Infrastructure Security Agency (CISA) and U.S. Department of Health and Human Services (HHS).
  • Develop and implement “State of Emergency” standard operating procedures that include leveraging rapid response technical teams.
  • Implement as appropriate recommendations from the Cyber Solarium Commission (including the addendum during COVID-19).

Cybersecurity Challenges to Healthcare Sector Infographic thumbnailYou can download and share printer-friendly copies of the above Joint-Seal infographics https://www.hhs.gov/sites/default/files/cybersecurity-challenges-to-healthcare-sector-infographic.pdf*

COVID-19 Cyber Security Impacts Infographichttps://www.hhs.gov/sites/default/files/covid-19-cyber-security-impacts-infographic.jpg

* People using assistive technology may not be able to fully access information in this file. For assistance, contact the HHS Office of the Chief Information Officer 202-690-6162 or by emailing OCIO.HHS@hhs.gov

More from: By: Office of the Secretary

News Network

  • Request for Statements of Interest: DRL FY20 Iraq Programs
    In Human Health, Resources and Services
    Bureau of Democracy, [Read More…]
  • Special Operations Forces: Additional Actions Needed to Effectively Manage the Preservation of the Force and Family Program
    In U.S GAO News
    What GAO Found U.S. Special Operations Command (SOCOM) has established minimum requirements for its Preservation of the Force and Family (POTFF) program to improve the readiness and resilience of Special Operations Forces (SOF) and their families, but has not clearly defined a key term—integrated and holistic system of care—to guide implementation of its efforts across the five POTFF domains (see figure). SOCOM officials interpret this key term differently and SOCOM guidance does not provide clarity on how subordinate commands should implement activities to achieve it. Without defining an integrated and holistic system of care or how to achieve it, SOCOM leaves interpretation of the term to subordinate commands and is unable to establish a standard for POTFF's essential coordination functions or activities against which it can assess efforts to help SOF and their families. Preservation of the Force and Family Domains The POTFF program offers a range of services for SOF, but availability and access vary. Participants in GAO focus groups had mixed experiences with POTFF, with some benefitting from services and others lacking access in certain areas, such as spiritual services. SOCOM data indicated that the number and type of POTFF service providers varies by domain and location. Additionally, SOCOM uses an allocation model that does not consider the data required by POTFF guidance, and it lacks a deployment strategy to guide POTFF service provider distribution. Without an allocation model informed by data and a deployment strategy for distributing POTFF service providers aligned to that model, SOCOM will continue to rely on incomplete information to make decisions and may not be able to ensure that service providers are distributed where they are most needed. While SOCOM is upgrading its POTFF data system to one designed to be more capable, the command does not have clear data governance or management guidance. Although SOCOM Directive 10-12 defines minimum data collection requirements for all SOCOM POTFF domains, it lacks standardized data elements. Additionally, according to officials, although SOCOM worked with service component staff to standardize data as much as possible, it had difficulty reaching agreement on which standards to follow. Without guidance that establishes data governance and management for the POTFF program, SOCOM will continue to struggle to define and collect quality data. Why GAO Did This Study For nearly 2 decades, the Department of Defense has increased its reliance on SOF, pushing some to the limits of their physical and mental well-being. To help these special forces and their families, SOCOM established the POTFF program in 2013. In fiscal year 2021, SOCOM expected to make about $80 million available for POTFF program activities and maintained over 800 POTFF service providers across 32 locations worldwide to care for SOF and their families. House Report 116-442 included a provision for GAO to review the POTFF program. GAO evaluated, among other things, the extent to which SOCOM has provided subordinate commands with guidance on POTFF implementation, made POTFF services available and accessible to SOF, and developed an overarching vision for effective data usage for the POTFF program. GAO reviewed SOCOM policies and guidance and analyzed information on POTFF services and service providers. GAO also held focus groups with SOF personnel and interviewed officials managing the program.
    [Read More…]
  • VERITAS: Exploring the Deep Truths of Venus
    In Space
    Under consideration to [Read More…]
  • Defense Management: Opportunities Exist to Improve DOD’s Reform Efforts
    In U.S GAO News
    What GAO Found The Department of Defense (DOD) has long sought to reform its enterprise business operations—such as its processes to manage contracts, finances, and supply chain— but faces challenges in improving department-wide management. DOD has taken some actions to improve its business operations data, but remains limited by the lack of reliable cost data, affecting its ability to monitor and inform its reform efforts. Having reliable data to identify baseline costs of the department's business and management functions and to measure progress has been a key challenge facing DOD, but one the department is trying to address. As GAO reported in November 2020, DOD has made progress in setting baseline costs of certain activities, such as logistics and real estate management. Further, DOD has ongoing efforts to develop baselines for all of the department's enterprise business operations that should enable it to better monitor reform progress. However, DOD needs better data about how it performs its business functions. For example, in September 2018, GAO reported that DOD's efforts to reduce inefficiencies in human resources services were hampered by inconsistent performance data across the six organizations that provide these services. DOD has ongoing efforts to address GAO's recommendations. DOD still needs clear roles, responsibilities, authorities and dedicated resources to support reform. GAO has found that demonstrating sustained leadership commitment—including through ensuring that those responsible for leading change have clearly defined and documented roles, responsibilities, and authorities—is imperative for successful business transformation. GAO has assessed many of DOD's organizational structures over the decades, including the recently eliminated Chief Management Officer (CMO) position. GAO found that, while Congress had given the CMO both significant responsibilities and authorities, DOD had not resolved unanswered questions about how those authorities would be carried out, nor communicated the CMO's roles and responsibilities department-wide. GAO also identified instances where CMO reforms were hampered by a lack of resources. As DOD moves to an organization without the CMO position, which was eliminated in 2021, clarifying the roles and responsibilities of those tasked with managing business reform remains important. DOD could also improve its efforts to reliably demonstrate progress toward meaningful reform. DOD has reported achievements from some of its department-wide efforts, such as its reported $37 billion in savings from fiscal years 2017 to 2021. However, GAO reported in November 2020 that while DOD's reported savings were largely reflected in its budget materials, the underlying analyses were not always well documented and the savings were not always consistent with the department's definitions of reform. For example, one reform initiative was based on delaying military construction projects that, according to DOD officials, allowed DOD to fund higher priorities. If a delayed project is still planned, however, the costs will likely be realized in a future year and are not a reflection of business process reform. DOD concurred with GAO's recommendations to establish a process to standardize development and documentation of such cost savings, and ensure that reported savings are consistent with the department's definitions of reform. Why GAO Did This Study DOD spends billions of dollars each year to maintain key business operations and defense-wide agencies and programs intended to support the warfighter, including systems and processes related to the management of contracts, finances, the supply chain, support infrastructure, and weapon systems acquisition. The department's approach to transforming these business operations is linked to its ability to perform its overall mission, directly affecting the readiness and capabilities of U.S. military forces. This testimony summarizes GAO's past work related to DOD's efforts to improve the management of its business operations. Specifically, this testimony discusses DOD's efforts to (1) improve data and baselines to monitor and inform reform efforts; (2) establish clear roles, responsibilities, and authorities for leading reform efforts, and dedicate resources to these efforts; and (3) reliably demonstrate progress in its reform efforts. This statement is based on GAO's body of work issued from 2017 through 2020 on DOD management and business reform issues.
    [Read More…]
  • G7 Statement on Hong Kong Electoral Changes
    In Crime Control and Security News
    Office of the [Read More…]
  • Program on VMI Case Recalls Ginsburg’s Crusade for Gender Equality
    In U.S Courts
    A recent program honoring the 25th anniversary of a landmark case allowing women to enroll in the Virginia Military Institute (VMI) also celebrated a broader theme: Justice Ruth Bader Ginsburg’s decades-long effort to remove gender bias from state and federal laws.
    [Read More…]
  • Defense Infrastructure: Overseas Master Plans Are Improving, but DOD Needs to Provide Congress Additional Information about the Military Buildup on Guam
    In U.S GAO News
    Over the next several years, implementation of the Department of Defense's (DOD) Integrated Global Presence and Basing Strategy will result in the realignment of U.S. forces and the construction of new facilities costing billions of dollars at installations overseas. The Senate and House reports accompanying the fiscal year 2004 military construction appropriation bill directed GAO to monitor DOD's overseas master plans and to provide congressional defense committees with assessments each year. The Senate report accompanying the fiscal year 2007 military construction appropriation bill directed GAO to review DOD's master planning effort for Guam as part of these annual reviews. This report, first, examines how the overseas plans have changed and the extent to which they address the challenges faced by DOD and, second, assesses the status of DOD's planning effort and the challenges associated with the buildup of military forces and infrastructure on Guam.The fiscal year 2008 overseas master plans, which provide infrastructure requirements at U.S. military facilities in each of the overseas regional commands' area of responsibility, have been updated to reflect U.S. overseas defense basing strategies and requirements as well as GAO's prior recommendations for improving the plans. The plans also address DOD's challenges to a greater extent than they did in previous years. However, two areas continue to be of concern. First, the master plans do not address the issue of residual value--that is, the value of property being turned over to the host nation based on its reuse of property. Although DOD officials believe that residual value cannot be readily predicted and therefore should not be in the master plans, compensation received for U.S capital improvements at installations returned to host nations could affect U.S. funding requirements for overseas construction. Second, the master plan for PACOM, which provides details on the command's training limitations in Japan and several other challenges, does not provide details regarding training limitations for the Air Force in South Korea, which could cause the United States to pursue alternatives, such as training in other locations, downsizing, or relocating that could affect overseas basing plans. Without addressing the residual value issue and providing details on these training challenges, DOD cannot provide Congress a comprehensive view enabling it to make informed decisions regarding funding. GAO has previously recommended that overseas regional commands address residual value issues and that PACOM explain how it plans to address existing training limitations. Because these recommendations have not been fully addressed, GAO considers them to be open and believes that they still have merit. DOD's planning effort for the buildup of military forces and infrastructure on Guam is in its initial stages, with many key decisions and challenges yet to be addressed. Among the challenges to be addressed is completing the required environmental impact statement, initiated in March 2007. According to DOD officials, this statement and associated record of decision could take up to 3 years to complete and will affect many of the key decisions on the exact location, size, and makeup of the military infrastructure development--decisions needed to develop a master plan for the military buildup on Guam. DOD and the services are still determining the exact size and makeup of the forces to be moved to Guam, needed in order to identify the housing, operational, quality of life, and services support infrastructure required for the Marine Corps realignment and the other services' buildup. DOD officials said that additional time is needed to fully address other challenges associated with the Guam military buildup, including funding requirements, operational requirements, and community impact. Until the environmental assessment and initial planning efforts are completed, Congress will need to be kept abreast of developments and challenges affecting infrastructure and funding decisions to make appropriate funding and oversight decisions.
    [Read More…]
  • Joint Statement on the Anniversary of Mr. Alexey Navalny’s Poisoning
    In Crime Control and Security News
    Office of the [Read More…]
  • Justice Department Settles Claim Against California-Based Staffing Company for Favoring Temporary Visa Workers Over U.S. Workers
    In Crime News
    The Department of Justice announced today that it signed a settlement agreement with AllianceIT, a provider of IT staffing services based in Pleasanton, California. This is the tenth settlement under the Civil Rights Division’s Protecting U.S. Workers Initiative, which is aimed at targeting, investigating, and taking enforcement actions against companies that discriminate against U.S. workers in favor of temporary foreign visa workers.
    [Read More…]
  • Secretary Pompeo’s Remarks to the Press
    In Crime News
    Michael R. Pompeo, [Read More…]
  • Mongolia National Day and 100th Anniversary
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Antigua and Barbuda’s National Day
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Joint Statement by the U.S. Equal Employment Opportunity Commission, Department of Justice, and Department of Labor Commemorating the 30th Anniversary of the Americans with Disabilities Act and its Impact on the American Workforce
    In Crime News
    July 26, 2020, marked the 30th anniversary of the enactment of the Americans with Disabilities Act (ADA).  This landmark civil rights law protects access and opportunity for people with disabilities across community life, including employment.
    [Read More…]
  • International Day of the Victims of Enforced Disappearances
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Secretary Blinken’s Call with Canadian Foreign Minister Garneau
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Federal Research Grants: OMB Should Take Steps to Establish the Research Policy Board
    In U.S GAO News
    As of January 2021, the Office of Management and Budget (OMB) had not established the Research Policy Board as required by the 21st Century Cures Act. The act requires OMB to establish the Board within 1 year of the December 13, 2016 enactment of the act. The Board is to provide information on the effects of regulations related to federal research requirements. OMB stated that it had not established the Board because of issues with the Department of Health and Human Services’ (HHS) and other federal agencies’ full participation in the Board’s potential activities to develop or implement a modified approach to indirect cost policies. According to OMB, “the Board would necessarily delve into issues related to compliance burden and indirect cost reimbursement to entities that receive federal funding for research.” Specifically, OMB pointed to a statutory provision appearing in annual appropriations bills that it believes prohibits HHS and other agencies from taking action on issues that could implicate certain indirect cost provisions. According to OMB, this provision could, if continued in future bills, “complicate or even possibly prohibit HHS from participating in major elements of the Board’s process.” OMB stated that, without representation of a major research agency such as the National Institutes of Health (NIH), which is part of HHS, “OMB would not be equipped to meet the statutory goals of the Board.” However, HHS stated in October 2020 that the indirect cost provision would not prohibit NIH’s participation on the Board and that the department was not aware of any other appropriations law provision that would prohibit such participation. GAO has no basis to disagree with HHS’s position. The 21st Century Cures Act does not specifically direct the Board to examine issues related to indirect costs, and we identified other issues that may fall within the scope of the Board’s activities. For example, the act specifies five activities that the Board may conduct, including creating a forum for the discussion of research policy or regulatory gaps, and identifying regulatory process improvements and policy changes. The Board could consider examining these or other issues related to streamlining and harmonizing regulations and reducing administrative burden in federally funded research in accordance with the 21st Century Cures Act. By not having established the Board, OMB is missing opportunities for the Board to provide information on the effects of regulations related to requirements for federally funded research, and to make recommendations to harmonize and streamline such requirements. Further, OMB has limited time to establish the Board and the Board may have insufficient time to complete its work before the Board is set to terminate on September 30, 2021. The 21st Century Cures Act requires OMB to establish an advisory committee, to be known as the Research Policy Board, that is responsible for making recommendations on modifying and harmonizing regulation of federally funded research to reduce administrative burden. The Board is to consist of both federal and non-federal members and include not more than 10 members from federal agencies, including officials from OMB, the Office of Science and Technology Policy (OSTP), HHS, the National Science Foundation, and other departments and agencies that support or regulate scientific research, as determined by the OMB Director. The 21st Century Cures Act includes a provision for GAO to conduct an independent evaluation of the Board’s activities. This report examines the steps OMB has taken to establish the Board as required by the 21st Century Cures Act. GAO reviewed written responses and other information from OMB, HHS, and OSTP; the 21st Century Cures Act and other laws related to the Board and its establishment; relevant reports on issues related to administrative burden; and related documents such as memoranda and agency guidance. GAO submitted a draft report containing the results of its evaluation to Congress on December 10, 2020. Congress should consider extending the period of authorization for the Research Policy Board, giving OMB additional time to establish the Research Policy Board and complete its statutory mission under the 21st Century Cures Act. GAO recommends that OMB establish the Research Policy Board as mandated by the 21st Century Cures Act and report to Congress on the Board’s activities. OMB did not agree or disagree with this recommendation. We maintain that the evidence in this report shows the need for our recommendation. For more information, contact John Neumann at (202) 512-6888 or neumannj@gao.gov.
    [Read More…]
  • Kiribati’s National Day
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Secretary Blinken’s Call with Icelandic Foreign Minister Thordarson
    In Crime Control and Security News
    Office of the [Read More…]
  • Troubled Asset Relief Program: Treasury Continues Winding Down Housing Programs
    In U.S GAO News
    The Department of the Treasury (Treasury) continues to wind down housing assistance programs funded by the Troubled Asset Relief Program (TARP). Treasury has extended one program to assist certain program participants who have been affected by the COVID-19 pandemic, although limited program funds remain at this point. As of September 30, 2020, Treasury had disbursed $30.85 billion (95 percent) of the $32.56 billion TARP funds obligated to the three housing programs (see figure). The Making Home Affordable program allowed homeowners to apply for loan modifications to avoid foreclosure. Treasury will continue to provide incentive payments for loan modifications through 2023. The Housing Finance Agency Innovation Fund for the Hardest Hit Housing Markets provided funds to 18 states and the District of Columbia to help struggling homeowners through programs tailored to the state. Treasury extended this program through June 2021 because of the COVID-19 pandemic's negative economic effects on some program participants. The Federal Housing Administration (FHA) Short Refinance program allowed eligible homeowners to refinance into an FHA-insured loan. Under this program, Treasury made TARP funds available to provide additional coverage to lenders for a share of potential losses on these loans for borrowers who entered the program by December 31, 2016. Status of Troubled Asset Relief Program Housing Programs, as of September 2020 aAccording to the Department of the Treasury (Treasury), these funds have been committed to future financial incentives for existing Making Home Affordable transactions, as of September 30, 2020. bRepresents the amount of funds that states and the District of Columbia have drawn from Treasury. cIncludes about $11.6 million in administrative expenses and $10 million of reserve funds, as of September 30, 2020. Treasury will be reimbursed for unused reserve amounts. dAmounts do not add up due to rounding. In response to the 2008 housing crisis, Treasury established TARP-funded housing programs to help struggling homeowners avoid foreclosure and preserve homeownership. Since 2009, Treasury has obligated $32.56 billion for such housing programs. The Emergency Economic Stabilization Act of 2008 provided GAO with broad oversight authorities for actions taken related to TARP. This report provides an update on the status of TARP-funded housing programs, as of September 30, 2020. GAO reviewed Treasury program data and documentation, and interviewed Treasury officials. This report contains the most recently available public data at the time of GAO's review, including obligations, disbursements, and program participation. For more information, contact John H. Pendleton at (202) 512-8678 or pendletonj@gao.gov.
    [Read More…]
  • Two Members of Notorious Videogame Piracy Group “Team Xecuter” in Custody
    In Crime News
    Two leaders of one of the world’s most notorious videogame piracy groups, Team Xecuter, have been arrested and are in custody facing charges filed in U.S. District Court in Seattle.
    [Read More…]

Crime

Network News © 2005 Area.Control.Network™ All rights reserved.