Massive HHS IT Cuts Leave US Health Data at Risk, Workers Say

After slashing IT staff, HHS faces a cybersecurity crisis that could leave sensitive health data and critical systems exposed, workers urgently warn.

The digital backbone of the United States health system is facing a critical threat, current and former Department of Health and Human Services (HHS) workers warn, as first reported by WIRED.

The elimination of hundreds of IT and cybersecurity personnel through a sweeping reduction in force (RIF) has resulted in the dismissal of essential staff who managed contracts and network protection, thus endangering vital health data and systems, according to WIRED.

“Pretty soon, within the next couple of weeks, everything regarding IT and cyber at the department will start to operationally reach a point of no return,” one former staffer who worked at HHS for over a decade said to WIRED.

WIRED reports that the Office of the Chief Information Officer (OCIO) suffered a disruption that impacted half of its operations, including the complete Immediate Office of the CIO, which managed essential cybersecurity contracts and renewals for more than 100 external contractors.

The security operations of the Computer Security Incident Response Center (CSIRC), which functions as HHS’s main cybersecurity center, were managed by numerous employees.

The loss of oversight raises concerns that cybersecurity contracts expiring in June won’t be renewed in time. “It is the department’s nerve center,” the source said, as reported to WIRED. “It has direct links to DHS, CISA, Defense Health Agency, and the intelligence community,” the source added.

WIRED argues that the pending departure of CIO Jennifer Wendel, combined with the lack of direction from incoming leadership, such as Clark Minor, a software engineer with no federal experience, adds to the instability. Sources say Minor has not issued any transition plans or guidance.

In the meantime, basic services are already falling apart. One staffer said travel systems have reverted to pre-2004 processes due to a lack of support, as reported by WIRED.

“If the US health system lost CMS, FDA, NIH, and CDC functionality indefinitely without warning… this would be an unprecedented systemic shock,” one OCIO worker said to WIRED.

Despite these concerns, HHS has denied the risks. “Essential operations at HHS, including contract management and cybersecurity oversight, remain staffed and functional,” a spokesperson told WIRED.

Still, current employees describe a leaderless environment: “This ship has no captain whatsoever, and I’m playing in the band while the Titanic sinks.”