HHS takes steps to hire senior cyber advisor

Register now

The Department of Health and Human Services is making progress in efforts to hire a senior advisor for cyber security, with hopes to have the position filled by early next year.

The agency wants to fill the position to give healthcare organizations one point of contact for security challenges and to better coordinate responses with industry organizations and disseminate threat information.

HHS is currently assessing more than 100 applicants for the job, said Beth Killoran, chief information officer for the agency. HHS hopes to begin interviews after reviewing the applications, and while other administrative hiring steps remain, the position could be filled by year-end, she predicts.

Speaking at the CHIME17 Fall CIO Forum in San Antonio, Texas, Killoran, said healthcare organizations need federal support to better deal with cyber threats, calling it one of the industry’s biggest “pain points.”

“We have to do this together,” she told attendees at the conference of the College of Healthcare Information Management Executives. The agency wants to change its role from merely being perceived as an enforcer and penalizing force when provider organizations are victimized by breaches.

Further, HHS plans to set up a communication center so providers “will have one number to call for how to identify threats, how to report breaches and how to respond to cyber incidents,” Killoran said.

HHS also is working in partnership with industry organizations, such as CHIME, the Healthcare Information and Management Systems Society and the National Health Information Sharing and Analysis Center. “We just have to begin collaborating more together,” she said.

Also See: Public-private coordination critical to countering cyber threats

In addition, the agency is working through “tabletop exercises” about how to improve responses if there is another security threat such as the global ransomware attacks of Wannacry and NotPetya.

“We’re focusing on what we can do to help the industry, particularly on the small and mid-sized providers that don’t have a dedicated cyberthreat staff,” she added.

Overall, HHS is trying to modernize its information technology approaches. Killoran highlighted the NIH Commons, which is serving as an aggregator of electronic clinical data for researchers.

HHS itself is rapidly shifting its IT approach, particularly in shifting information to the cloud. Two years ago, when Killoran was the agency’s acting CIO, the department had invested $5 million in using the cloud. This year, HHS will spend $775 million on cloud technologies, and “we expect it to grow exponentially from here.

“If we don’t make this move, we’ll be data rich and information poor,” she explained. Having petabytes of information doesn’t help if “we can’t bring it together to solve the problems of the day or to help U.S. citizens to access it.”

For reprint and licensing requests for this article, click here.