HHS Adopting Zero Trust to Protect IT Infrastructure, CIO Says
The Department of Health and Human Services is turning to zero trust to protect its information technology infrastructure, a top official said.
HHS Chief Information Officer Gerry Caron said the department currently uses a hierarchical “stovepiped” approach to cybersecurity, GovernmentCIO Media & Research reported Wednesday.
“What we’re talking about with zero trust is a true integration of all our security so that it all works together because we have to make risk-based decisions,” Caron said during a webinar hosted by the Advanced Technology Academic Research Center.
The National Institute of Standards and Technology defines zero trust as a security architecture that does not automatically trust user accounts based on their physical or network location.
Zero trust is a key element of President Joe Biden’s May 12 executive order, which is focused on strengthening the federal government’s cybersecurity.
Caron said the executive order made it clear that zero trust is important for every echelon of the federal government.
Biden’s mandate is also aimed at moving the government’s cybersecurity posture beyond mere compliance, the CIO said.
Caron added that the coronavirus pandemic impacted HHS’ ability to conduct quick assessments of risk tolerance. The department is reportedly also suffering in other cybersecurity areas.
The Government Accountability Office reported in June that poor coordination hampered HHS’ ability to routinely share cyber threat information with private sector partners.
GAO attributed the issue to a disconnect between the Healthcare Threat Operations Center and the Health Sector Cybersecurity Coordination Center.
The report came amid a rise in cyberattacks on health care organizations’ IT that endangered patient privacy and disrupted essential telehealth services.