New HHS CIO on Emerging Threats, Top Priorities

The U.S. Department of Health and Human Services is dealing with many of the same cybersecurity challenges facing the rest of the healthcare sector - from fighting ransomware attacks to developing a cyber-savvy workforce and recruiting new talent, says Beth Anne Killoran, who was recently named HHS' CIO.

HHS has seen a surge in attempted phishing, ransomware and other malware attacks, she says in an interview with Information Security Media Group. "We have had some intermittent ransomware attacks, but because of the way we have put our structure in place, we have been able to identify those attacks very quickly and been able to isolate them to an individual workstation ... and not have a widespread infestation of ransomware," she says.

To help build a cyber-savvy workforce, HHS has launched "CyberCare," a campaign that includes education and marketing efforts "so that people understand phishing" as well as the risks involved in using cell phones and other mobile technologies, she says.

That effort reflects the evolving cybersecurity priorities at HHS as it addresses evolving threat vectors, she says. "Overall, right now we have a lot of investment associated with responding and recover[ing] to the threats that we have versus preventing, so we're shifting our investment strategies to become more effective in the prevent side of the life cycle," she says.

Building a Cybersecurity Team

HHS is also working to build up its cybersecurity team. "What's most critical for us is to try to find multiple avenues to recruit talent because in the metro [Washington] D.C. area there are a lot of organizations - both public and private - that want to gather the cybersecurity talent. ... We have such a critical mission that we hope [by] being able to articulate the importance of our mission, that will help us to be able to recruit some of that talent."

In the interview (see audio link below photo), Killoran also discusses:

• The evolving cyber threat landscape facing HHS and the healthcare sector;
• HHS' healthcare threat information center, which provides a mechanism for the agency to share information with other agencies, including the Department of Veteran's Affairs;
• Efforts to bolster the security of the HealthCare.gov, the website and systems that run the federally facilitated health insurance exchanges under the Affordable Care Act.

Killoran was named HHS CIO in July. She joined the department in October 2014, previously serving as its acting deputy CIO and as the executive director for the Office of IT Strategy, Policy and Governance. As CIO for HHS, Killoran provides leadership on high-priority projects, engages in strategic IT investment planning and drives change across the organization. Previously, she served in a number of leadership roles at the Department of Homeland Security. Over the course of her DHS career, Killoran served in positions covering investment management, risk management and program management of the DHS acquisition portfolio and IT investments totaling more than $18 billion. Prior to DHS, Killoran worked at the Department of the Treasury, where she provided IT infrastructure support.