HHS should improve sharing of cyber threat information: GAO

The U.S. Department of Health and Human Services could provide more cybersecurity help to health care organizations by routinely sharing threat information, the U.S. General Accountability Office said Monday in a report.

But HHS said it disagrees with the GAO’s recommendation that this be accomplished by coordinating communication between two HHS entities, although it does agree with six other recommendations the GAO made.

The two HHS entities are the Health Sector Cybersecurity Coordination Center, which was established to improve cybersecurity information sharing in the sector, and the Healthcare Threat Operations Center, a federal interagency program co-led by HHS that focuses on, among other things, providing descriptive and actionable cyber data.

Because of a lack of coordination between these two entities, the cybersecurity center does not routinely receive cybersecurity information from the threat operations center that can be passed on, the report says.

“Until HHS formalizes coordination for the two entities,

Read the rest