HHS Faces Criticism Over Unaddressed Cybersecurity Risks and New Leadership Controversy

The Department of Health and Human Services (HHS) is under scrutiny for its ongoing struggles with cybersecurity, according to a recent report by the Government Accountability Office (GAO). The GAO highlighted that HHS has not addressed key cybersecurity recommendations, which could result in “potential adverse impact on healthcare providers and patient care.”

The report noted that despite several initiatives aimed at mitigating ransomware risks, HHS has failed to adequately monitor the implementation of these measures by healthcare facilities. For instance, while many U.S. hospitals have adopted the National Institute of Standards and Technology’s Cybersecurity Framework, HHS is not tracking the adoption of ransomware-specific practices within this framework.

Additionally, the GAO warned that HHS has not conducted a comprehensive sector-wide cybersecurity risk assessment for Internet of Things and operational technology devices, nor has it addressed the need for better coordination and collaboration among federal agencies on cybersecurity policies.

In another significant development, President-elect Donald Trump is expected to nominate Robert F. Kennedy Jr. to lead HHS, a move that is likely to be controversial given Kennedy’s history of promoting debunked claims that vaccines cause autism. This nomination has raised concerns among public health experts and could impact the department’s policies on health and vaccination.

Separately, HHS has also launched a nationwide public awareness campaign to promote the Maternal Mental Health Hotline (1-833-TLC-MAMA), aimed at supporting maternal mental health across the country.