Health and Human Services

Health and Human Services Mission Statement

The Department of Health and Human Services (HHS) is the United States government’s principal agency for protecting the health of all Americans and providing essential human services, especially for those who are least able to help themselves.

From the HHS Strategic Plan

  1. Health Care: Improve the safety, quality, affordability and accessibility of health care, including behavioral health care and long-term care.
  2. Public Health Promotion and Protection, Disease Prevention, and Emergency Preparedness: Prevent and control disease, injury, illness, and disability across the lifespan, and protect the public from infectious, occupational, environmental, and terrorist threats.
  3. Human Services: Promote the economic and social well-being of individuals, families and communities.
  4. Scientific Research and Development: Advance scientific and biomedical research and development related to health and human services.

The HHS CIO posts their IT strategic plan online at:

The HHS IT enterprise architecture articulated there does address security, providing guidance to a program called “Secure One HHS.” The goal of this cyber security program is to address all security needs and concerns for the department and to: “foster an enterprise-wide secure and trusted IT environment in support of HHS’ commitment to improve the health, safety, privacy and well-being of the American people.”


HHS thought leadership in transparency and gov2.0 is helping drive technology approaches in many parts of the federal space, so its approach to cyber security is potentially going to be influential far beyond the department.

Cyber/Information Security Trends

  • Two mandatory programs are in the HHS budget: Medicare and Medicaid. Thus they have detailed personal and medical records for around 100 million Americans. It is extremely important that they guard these records from identity theft and other potential crimes. Further, the Center for Disease Control and NIH are under the purview of the HHS. The NIH is the center for medical research and development funded by the US – every day creating research and intellectual property that is sensitive and secure. The CDC is a place that combats bioterrorism – making it a prime target for a joint terrorist attack.
  • IT Security and Privacy
    • Develops, implements and administers the Secure One program to protect the information resources of the Department.
    • Monitors all Departmental systems development and operations for security and privacy compliance and provides advice and guidance to ensure compliance standards are included throughout system life cycle development.
    • Develops, implements, and evaluates an employee cyber security awareness and training program.
    • Establishes and leads the HHS Computer Security Incident Response Capability Team, the Department’s overall cyber security incident response/coordination center.
  • Cyberbullying measures

HHS Services migrating to cloud

HHS is migrating the following services to align with Fed CIO guidance:

  • Agency Private Cloud Services
  • Reports Management
  • Grants Management

HHS auditors find cybersecurity holes at hospitals

An audit from the HHS Inspector General examined 7 national hospitals and found 151 security vulnerabilities. The vast majority of impact vulnerabilities were wireless access issues, yet audit control vulnerabilities were also found, as well as integrity control patches. IG inspectors found uninstalled critical operating system patches, outdated antivirus applications, and even operating systems no longer supported by the manufacturer. HHS clearly needs tools that will help oversee, manage, and develop the standards that hospitals need to adhere to.