In a March 28 letter and report sent to HHS, GAO notes that among dozens of unimplemented "high priority" recommendations are four on health information technology and cybersecurity. "The nation's ...

GAO also warned that HHS has still not addressed its recommendation to evaluate the effectiveness of its sector-focused efforts to help manage ransomware risks or taken steps to conduct “a ...

The GAO released a report June 28 reviewing HHS’ organizational approach to cybersecurity and offered seven recommendations for the agency to enhance its roles and responsibilities so that ...

GAO made a sweeping examination of its recommendations to HHS for more than a decade. It found of the 115 recommendations GAO made, 72 remain unaddressed.

While HHS has established guidance for covered entities to comply with HIPAA, the guidance does not address all elements called for by other federal cybersecurity recommendations, according to GAO.

Then, in October 2020, CISA, the FBI and HHS issued a cybersecurity advisory alert over the Department of Healthcare and Public Health (HPH) being targeted by ransomware activity. GAO made seven ...

The GAO has made 155 recommendations to help remedy the situation, and 91 of these recommendations were yet to be implemented as of April, they reported.