Why GAO did this study. HHS and the healthcare and public health sector rely heavily on information systems to fulfill their missions, including delivering healthcare-related services and responding to national health emergencies, such as COVID-19. Federal laws and guidance have set requirements for HHS to address cybersecurity within the department and the sector. Federal guidance also requires collaboration and coordination to strengthen cybersecurity at HHS and in the sector.

GAO was asked to review HHS’s organizational approach to address cybersecurity. This report discusses HHS’s roles and responsibilities for departmental cybersecurity; HHS’s roles and responsibilities for healthcare and public health sector cybersecurity; and HHS’s efforts to collaborate to manage its cybersecurity responsibilities. To perform its work, GAO reviewed documentation describing HHS’s cybersecurity roles and responsibilities, assessed those responsibilities for fragmentation, duplication, and overlap, and evaluated the department’s collaborative efforts against GAO’s leading practices for collaboration. GAO also interviewed relevant officials at HHS and CISA, and in the sector.

What GAO recommends. GAO is making seven recommendations to HHS to improve its collaboration and coordination within the department and the sector. HHS agreed with six of the recommendations and disagreed with one. GAO continues to believe that all recommendations are appropriate.
Copyright:
The National Library of Medicine believes this item to be in the public domain.