The U.S. Department of Health and Human Services can provide more cybersecurity assistance to healthcare organizations by routinely sharing threat information, the U.S. General Accountability Office said in a report on Monday.
However, the HHS stated that it does not agree with the GAO Recommendation that this can be achieved by coordinating communication between two HHS entities, even though this is in line with six other recommendations made by the GAO.
The two HHS units are the Health Sector Cybersecurity Coordination Center, which was established to improve cyber security information in the sector, and the Healthcare Threat Operations Center, a federal interagency program led by HHS that focuses on providing descriptive and actionable cyber data, among other things.
Due to a lack of coordination between these two entities, the cyber security center does not routinely receive cyber security information from the threat operations center that can be forwarded, the report says.
"Until HHS formalizes the coordination of the two entities, they will continue to miss an opportunity to strengthen information sharing with sectoral partners," the report said.
The report states that HHS claims that there is already close coordination between the centers; it does not believe that there is any duplication in the information sharing of the two entities; and due to the high sensitivity that surrounds the information involved, the threat operations center does not share information without the express permission and permission of the original authority.
GAO said in a report last week that the Department of Defense may underestimate the risks of some of its information technology business systems. Catalog