Securing public health information with mature zero trust

HHS-OIG handles and analyzes large amounts of public health data and personally identifiable information, grants and Medicare and Medicaid claims. The analysis of these millions of data points supports recommendations for COVID Provider Relief Fund operations, treatments for opioid overdose, investigations of healthcare fraud, and more. These data, program information, and analyses needed protection from cyber attacks.

With TMF support, HHS-OIG created a Security Operations Center (SOC) that provides 24×7/365 monitoring, and incident response, to effectively manage cyber security risk across the enterprise. They implemented a modern identity, access management capability, and cloud-based networking services that all align to a modernized and secure Zero Trust Architecture.

Impacts include strengthened security protections of public health information, increased operational efficiencies, future cost savings and efficiencies by consolidating tools and decommissioning legacy technology, and cost avoidance resulting from fewer security breaches. Significant progress toward zero trust maturity has been achieved through modernization of SOC, IAM, and cloud‑based networking.