4 days ago
89
One team that was purged from HHS managed over a hundred contracts worth hundreds of millions of dollars, including crucial cybersecurity licenses. It also managed the renewal of contracts for hundreds of specialized contractors who perform critical tasks for the department, including a dozen cybersecurity contractors who work at the Computer Security Incident Response Center (CSIRC)—the primary component of the department’s overall cybersecurity program which is overseen by the chief information security officer.
While all of HHS’s agencies have their own cybersecurity and IT teams, the CSIRC is the only one that has visibility across the entire network of the department. This center, based in Atlanta, monitors the entire HHS network and is tasked with preventing, detecting, reporting, and responding to cybersecurity incidents at HHS.
“It is the department’s nerve center,” the source says. “It has direct links to DHS, CISA, Defense Health Agency, and the intelligence community.”
The contractors provide round the clock coverage on three, eight-hour shifts every single day, monitoring the network for any possible outages or attacks from inside or outside the network. Those contracts are set to expire on June 21; while there is time to renew them, it’s not clear who is authorized to do so or knows how, since the entire office that oversees the process is no longer working at HHS.
Adding to the threat is the decision by the General Service Administration to terminate the lease for the CSIRC in Atlanta, effective December 31, 2025.
Many of the cybersecurity and monitoring tools the contractors use to monitor the networks are also due for renewal in the coming months.
If the situation is not addressed, “pretty soon, the department will be completely open to external actors to get at the largest databases in the world that have all of our public health information in them, our sensitive drug testing clinical trial information at the NIH or FDA, or different organizations’ mental health records,” the source claims, ech...
English (US)