The Department of Health and Human Services’ Office of the Inspector General has recommended cybersecurity improvements to the IT system of the Organ Procurement and Transplantation Network, or OPTN, under the department’s Health Resources and Services Administration.
Simulated cyberattacks on the system revealed 22 vulnerabilities across 16 OPTN cybersecurity controls, mostly involving network monitoring, according to an OIG report issued on Monday.
The report noted that OPTN’s IT system — which houses its confidential data on organ donors, transplant candidates and recipients, as well as operation outcomes — could be compromised in a cyberattack with moderate sophistication. It added that the system’s cybersecurity was only able to withstand certain cyberattack simulations, such as phishing.
System Contractor Remedies
To address the identified vulnerabilities, the OIG recommended four remedies, with which HRSA has concurred. The recommendations include requiring the OPTN IT system contractor to provide and certify remedies for the system vulnerabilities that the OIG audit discovered. Some of the weaknesses uncovered were in identity access management, source code and administrator credentials.
In September, HHS announced an initial batch of four OPTN contractors composed of Arbor Research Collaborative for Health, General Dynamics Information Technology, Maximus Federal, Deloitte and Guidehouse Digital. In November, Leidos secured a spot on the multiple-award OPTN contract, which has a one-year base period and four one-year options for a potential total value of $235 million.