The Department of Health and Human Services could face a critical breakdown in its IT and cybersecurity systems after a sweeping reduction in force that eliminated key staff and leadership, Wired reported April 14, citing four current and former agency employees.
More than 150 workers in HHS’ Office of the Chief Information Officer were among hundreds of administrative staff laid off April 1, according to the report. These employees were responsible for contract renewals and cybersecurity licenses and oversaw operations at the department’s Computer Security Incident Response Center — the hub for detecting and responding to cyberthreats across the department.
Sources told Wired the cuts left no one in place to renew critical cybersecurity contracts, some of which are set to expire as soon as June. As a result, they said, troves of sensitive public health data — including clinical trial results, patient records and national health surveillance systems — could be left vulnerable to attack.
HHS CIO Jennifer Wendel is also expected to step down next month, compounding the department’s leadership gaps, according to the report.
An HHS spokesperson denied essential cybersecurity operations are at risk, calling the allegations “unfounded rumors” and asserting critical functions remain intact.Still, current and former staffers told Wired that without urgent intervention, HHS systems could “reach a point of no return” in the coming weeks.
