It’s only been a few months since RFK Jr. took office as head of the Department of Health and Human Services but, unless something changes drastically, he is shaping up to be one of the worst health leaders in the history of the agency.
Under Kennedy’s watch, the HHS has fired thousands of staff, including researchers and scientists from the CDC, the FDA, and other key health and science agencies that do critical research and protect Americans’ health. At the same time, massive funding cuts have threatened state and local health programs that rely on government money to operate. Last week, Kennedy claimed he was “not familiar” with many of the cuts that have gone through. Now, a new report claims that the government is also in the midst of purging itself of its IT and cybersecurity teams—a move that leaves countless terabytes of sensitive health and science data at risk of online exposure, critics claim.
Wired writes that, under Kennedy, the HHS has become a massive data breach waiting to happen. Major cuts that impact units like the Computer Security Incident Response Center—a team tasked with protecting the agency’s various departments from cyberattacks—have resulted in a situation that government insiders describe as a “looming catastrophe.”
The problem is that a large amount of administrative staff who are tasked with filling slots for mission-critical IT and cybersecurity roles have been let go, leaving many of those programs in limbo. The magazine notes that “staff who oversee and renew contracts for critical enterprise services are no longer there.” Those missing staff are responsible for overseeing “hundreds of contractors, some of whom play a crucial role in keeping systems and data safe from cyberattacks.” In particular, the HHS is waiting for the renewal of contracts for “hundreds of specialized contractors who perform critical tasks for the department, including a dozen cybersecurity contractors who work at the Computer Security Incident Response Center (CSIRC)—the primary component of the department’s overall cybersecurity program which is overseen by the chief information security officer,” the magazine writes.
That is really bad news since the HHS is tasked with maintaining thousands of incredibly sensitive records, including the health records of hundreds of millions of Americans and clinical trial data. That data could be subject to online attacks if the cybersecurity protections around it falter, sources interviewed by the magazine said. “Pretty soon, within the next couple of weeks, everything regarding IT and cyber at the department will start to operationally reach a point of no return,” one source, who was recently let go, told the magazine.
Some of the blame has also been placed on the new agency’s new chief information officer, Clark Minor. Previously a longtime Palantir employee, Minor took over as CIO at the HHS in February. Wired’s report quotes anonymous staff who said that Minor seemed “overwhelmed” by the position, and that, as of yet, he has not provided any “guidance to the remaining HHS staff” on the current situation.
Gizmodo reached out to the HHS for comment. In a statement provided to Wired, an HHS spokesperson said: “The suggestion that critical IT and cybersecurity functions at HHS are being left unsecured is simply untrue. Essential operations at HHS, including contract management and cybersecurity oversight—remain staffed and functional. It’s unfortunate that some former employees are spreading unfounded rumors. HHS remains committed to a secure, modernized HHS that serves the American people, not internal bureaucracy.”
Read the full article here
