Confronting Heightened Cybersecurity Threats Amid COVID-19

Did you know that Americans’ private health data is estimated to be worth up to 20 times the value of financial data on the Dark Web? This makes the Health and Public Health (HPH) Sector a primary target for cybercriminals. When an HPH Sector entity is affected by a cyber event, the public may lose its ability to engage with or receive health services, putting lives at risk. The COVID-19 pandemic has raised the stakes, increasing cyber risk in the HPH Sector in proportion the increased pace of activity amid widespread transition to remote work environments.

The HPH Sector has been significantly impacted due to both existing cybersecurity challenges and those brought on by COVID-19. Resource constraints paired with the complex architecture of both Information Technology (IT) and Operational Technology (OT) hindered HPH entities’ response and recovery efforts.

Cybersecurity is essential for effectively securing data needed to treat patients and maintain their access to critical health services. Patient safety and well-being are the top priorities when it comes to securing health infrastructure. Targeted attacks continue to plague the HPH Sector with the distribution of COVID-19 vaccines underway. Increasing cybersecurity awareness among HPH personnel and the general public can help alleviate the frequency and overall impact of incidents.

The Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) have been in close coordination since the onset of the pandemic. This coordination has led to key cybersecurity insights, which are reflected in the following infographics we have made accessible to the HPH Sector and general public:

COVID-19 Cyber Security Impacts Infographic

Government and the private sector must work together to confront cyber challenges and secure HPH data and infrastructure. CISA and HHS recommend HPH entities take the following steps:

HPH:

  • Implement regular network scanning and patching cycles.
  • Leverage email banners, user training, and other tools to reduce risk of phishing.
  • Develop and practice incident response plans in a remote environment, including data backup and recovery.
  • Modernize technologies where feasible—and segment those end-of-life technologies that cannot be modernized. IT modernization through removal of End of Life (EOL) systems and devices will help reduce the risk of introducing permanent vulnerabilities into networks.

Government:

  • Establish disaster response roles and responsibilities between federal agencies; continue work with private industry and sector partners; and continue meaningful collaboration between the Cybersecurity and Infrastructure Security Agency (CISA) and U.S. Department of Health and Human Services (HHS).
  • Develop and implement “State of Emergency” standard operating procedures that include leveraging rapid response technical teams.
  • Implement as appropriate recommendations from the Cyber Solarium Commission (including the addendum during COVID-19).

Cybersecurity Challenges to Healthcare Sector Infographic thumbnailYou can download and share printer-friendly copies of the above Joint-Seal infographics https://www.hhs.gov/sites/default/files/cybersecurity-challenges-to-healthcare-sector-infographic.pdf*

COVID-19 Cyber Security Impacts Infographichttps://www.hhs.gov/sites/default/files/covid-19-cyber-security-impacts-infographic.jpg

* People using assistive technology may not be able to fully access information in this file. For assistance, contact the HHS Office of the Chief Information Officer 202-690-6162 or by emailing OCIO.HHS@hhs.gov

More from: By: Office of the Secretary

Hits: 6

News Network

  • Operation Legend: Case of the Day
    In Crime News
    Each weekday, the Department of Justice will highlight a case that has resulted from Operation Legend. Today’s case is out of the Eastern District of Wisconsin. Operation Legend launched in Milwaukee on July 29, 2020, in response to the city facing increased homicide and non-fatal shooting rates.
    [Read More…]
  • Six Men Charged for Roles in Scheme to Defraud Businesses of Luxury Goods and Services
    In Crime News
    Six men were charged in an indictment unsealed on Wednesday for their alleged participation in a nation-wide scheme to defraud dozens of businesses across the United States of luxury goods and services announced Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department's Criminal Division and U.S. Attorney Andrew Lelling of the District of Massachusetts.
    [Read More…]
  • Information Technology: Federal Agencies Need to Take Urgent Action to Manage Supply Chain Risks
    In U.S GAO News
    Few of the 23 civilian Chief Financial Officers Act agencies had implemented seven selected foundational practices for managing information and communications technology (ICT) supply chain risks. Supply chain risk management (SCRM) is the process of identifying, assessing, and mitigating the risks associated with the global and distributed nature of ICT product and service supply chains. Many of the manufacturing inputs for these ICT products and services originate from a variety of sources throughout the world. (See figure 1.) Figure 1: Examples of Locations of Manufacturers or Suppliers of Information and Communications Technology Products and Services None of the 23 agencies fully implemented all of the SCRM practices and 14 of the 23 agencies had not implemented any of the practices. The practice with the highest rate of implementation was implemented by only six agencies. Conversely, none of the other practices were implemented by more than three agencies. Moreover, one practice had not been implemented by any of the agencies. (See figure 2.) Figure 2: Extent to Which the 23 Civilian Chief Financial Officers Act Agencies Implemented Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Practices As a result of these weaknesses, these agencies are at a greater risk that malicious actors could exploit vulnerabilities in the ICT supply chain causing disruption to mission operations, harm to individuals, or theft of intellectual property. For example, without establishing executive oversight of SCRM activities, agencies are limited in their ability to make risk decisions across the organization about how to most effectively secure their ICT product and service supply chains. Moreover, agencies lack the ability to understand and manage risk and reduce the likelihood that adverse events will occur without reasonable visibility and traceability into supply chains. Officials from the 23 agencies cited various factors that limited their implementation of the foundational practices for managing supply chain risks. The most commonly cited factor was the lack of federal SCRM guidance. For example, several agencies reported that they were waiting for federal guidance to be issued from the Federal Acquisition Security Council—a cross-agency group responsible for providing direction and guidance to executive agencies to reduce their supply chain risks—before implementing one or more of the foundational practices. According to Office of Management and Budget (OMB) officials, the council expects to complete this effort by December 2020. While the additional direction and guidance from the council could further assist agencies with the implementation of these practices, federal agencies currently have guidance to assist with managing their ICT supply chain risks. Specifically, the National Institute of Standards and Technology (NIST) issued ICT SCRM-specific guidance in 2015 and OMB has required agencies to implement ICT SCRM since 2016. Until agencies implement all of the foundational ICT SCRM practices, they will be limited in their ability to address supply chain risks across their organizations effectively. Federal agencies rely extensively on ICT products and services (e.g., computing systems, software, and networks) to carry out their operations. However, agencies face numerous ICT supply chain risks, including threats posed by counterfeiters who may exploit vulnerabilities in the supply chain and, thus, compromise the confidentiality, integrity, or availability of an organization's systems and the information they contain. For example, in September 2019, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency reported that federal agencies faced approximately 180 different ICT supply chain-related threats. To address threats such as these, agencies must make risk-based ICT supply chain decisions about how to secure their systems. GAO was asked to conduct a review of federal agencies' ICT SCRM practices. The specific objective was to determine the extent to which federal agencies have implemented foundational ICT SCRM practices. To do so, GAO identified seven practices from NIST guidance that are foundational for an organization-wide approach to ICT SCRM and compared them to policies, procedures, and other documentation from the 23 civilian Chief Financial Officers Act agencies. This is a public version of a sensitive report that GAO issued in October 2020. Information that agencies deemed sensitive was omitted and GAO substituted numeric identifiers that were randomly assigned for the names of the agencies due to sensitivity concerns. The foundational practices comprising ICT SCRM are: establishing executive oversight of ICT activities, including designating responsibility for leading agency-wide SCRM activities; developing an agency-wide ICT SCRM strategy for providing the organizational context in which risk-based decisions will be made; establishing an approach to identify and document agency ICT supply chain(s); establishing a process to conduct agency-wide assessments of ICT supply chain risks that identify, aggregate, and prioritize ICT supply chain risks that are present across the organization; establishing a process to conduct a SCRM review of a potential supplier that may include reviews of the processes used by suppliers to design, develop, test, implement, verify, deliver, and support ICT products and services; developing organizational ICT SCRM requirements for suppliers to ensure that suppliers are adequately addressing risks associated with ICT products and services; and developing organizational procedures to detect counterfeit and compromised ICT products prior to their deployment. GAO also interviewed relevant agency officials. In the sensitive report, GAO made a total of 145 recommendations to the 23 agencies to fully implement foundational practices in their organization-wide approaches to ICT SCRM. Of the 23 agencies, 17 agreed with all of the recommendations made to them; two agencies agreed with most, but not all of the recommendations; one agency disagreed with all of the recommendations; two agencies neither agreed nor disagreed with the recommendations, but stated they would address them; and one agency had no comments. GAO continues to believe that all of the recommendations are warranted, as discussed in the sensitive report. For more information, contact Carol C. Harris at (202) 512-4456 or harrisCC@gao.gov.
    [Read More…]
  • Iran Travel Advisory
    In Travel
    Do not travel to Iran [Read More…]
  • Russia Travel Advisory
    In Travel
    Do not travel to Russia [Read More…]
  • Bipartisan Competitive Strategy: The “New Normal”?
    In Crime Control and Security News
    Dr. Christopher Ashley [Read More…]
  • Attacks on Yemeni Officials in Aden
    In Crime Control and Security News
    Cale Brown, Principal [Read More…]
  • Indiana Man Pleads Guilty to Distributing Pesticides
    In Crime News
    An Indiana man who distributed unregistered pesticides to the tenants and managers of an apartment building he owned has pleaded guilty to three counts of violating the Federal Insecticide, Fungicide, and Rodenticide Act (FIFRA).
    [Read More…]
  • Food Safety: CDC Could Further Strengthen Its Efforts to Identify and Respond to Foodborne Illnesses
    In U.S GAO News
    The roles and responsibilities of the Centers for Disease Control and Prevention (CDC) during a multistate foodborne illness outbreak include analyzing federal foodborne illness surveillance networks to identify outbreaks, leading investigations to determine the food causing the outbreak, and communicating with the public. CDC also works to build and maintain federal, state, territorial, and local capacity to respond to foodborne illness outbreaks by awarding funds to state and local public health agencies and through other initiatives. In identifying and responding to multistate foodborne illness outbreaks, CDC faces challenges related to clinical methods and communication, and it has taken some steps to respond to these challenges. One challenge stems from the increasing clinical use of culture-independent diagnostic tests (CIDTs). CIDTs diagnose foodborne illnesses faster and cheaper than traditional methods, but because they do not create DNA fingerprints that can specify a pathogen, they may reduce CDC's ability to identify an outbreak. A CDC working group recommended in May 2018 that CDC develop a plan to respond to the increasing use of CIDTs. By developing a plan, CDC will have greater assurance of continued access to necessary information. CDC also faces a challenge in balancing the competing needs for timeliness and accuracy in its outbreak communications while maintaining public trust. CDC has an internal framework to guide its communications decisions during outbreaks, and it recognizes that stakeholders would like more transparency about these decisions. By making its framework publicly available, CDC could better foster public trust in its information and guidance during outbreaks. CDC has taken steps to evaluate its performance in identifying and responding to multistate outbreaks. Specifically, CDC has developed general strategic goals (see fig.) and taken initial steps to develop performance measures. However, CDC has not yet established other elements of a performance assessment system—an important component of effective program management. CDC's Use of Elements of Program Performance Assessment Systems In particular, CDC has not set specific performance goals, used performance measures to track progress, or conducted a program evaluation of its multistate foodborne illness outbreak investigation efforts. By implementing all elements of a performance assessment system, CDC could better assess its progress toward meeting its goals, identify potentially underperforming areas, and use that information to improve its performance. CDC has estimated that each year, one in six people in the United States gets a foodborne illness, 128,000 are hospitalized, and 3,000 die. CDC data show increases in the number of reported multistate foodborne illness outbreaks—groups of two or more linked cases in multiple states—in recent years. Such outbreaks are responsible for a disproportionate number of hospitalizations and deaths, compared with single-state outbreaks. GAO was asked to review CDC's response to multistate foodborne illness outbreaks. This report examines (1) CDC's roles and responsibilities, (2) challenges that CDC faces and the extent to which it has addressed these challenges, and (3) the extent to which CDC evaluates its performance. GAO reviewed agency documents and data; conducted site visits and case studies; and interviewed federal, state, and local public health officials, as well as representatives of stakeholder groups. GAO is recommending that CDC (1) develop a plan to respond to the increasing use of CIDTs, (2) make publicly available its decision-making framework for communicating about multistate foodborne illness outbreaks, and (3) implement all the elements of a performance assessment system. CDC concurred with all three recommendations. For more information, contact Steve D. Morris at (202) 512-3841 or morriss@gao.gov.
    [Read More…]
  • Justice Department Files Suit Against Dallas, Texas, Towing Company for Unlawfully Selling Servicemember-Owned Vehicles
    In Crime News
    The Justice Department today filed a lawsuit in the Northern District of Texas alleging that Dallas-based towing company United Tows LLC violated the Servicemembers Civil Relief Act (SCRA), by unlawfully auctioning off vehicles owned by SCRA-protected servicemembers. 
    [Read More…]
  • Congratulations to Bolivia’s President-Elect Luis Arce
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Military Personnel: Perspectives on DOD’s and the Military Services’ Use of Borrowed Military Personnel
    In U.S GAO News
    Policies on the use of borrowed military personnel vary among military services. Borrowed military personnel refers to military personnel used for duties outside their assigned positions, such as security protection. DOD policy acknowledges that there may be instances in which military personnel can be used to appropriately satisfy a near-term demand but that DOD must be vigilant in ensuring that military personnel are not inappropriately utilized, particularly in a manner that may degrade readiness. Additionally, the Army and the Marine Corps have their own policies that describes how military personnel may be used on a temporary basis. DOD and the Army, Navy, and Air Force do not centrally track their use of borrowed military personnel, nor do they assess any impacts of that use on the readiness of units and personnel to accomplish their assigned missions. According to DOD and Army officials, the relatively limited use of borrowed military manpower, their limited impacts on readiness, and the existence of other readiness reporting mechanisms serve to obviate the need to collect and analyze this information centrally—especially given the resources that would be required to establish and maintain such a reporting process. The House Armed Services Committee has questioned whether DOD continues to divert servicemembers from their unit assignments to perform nonmilitary functions that could be performed by civilian employees. House Report 116-120, accompanying a bill for the National Defense Authorization Act for Fiscal Year 2020 included a provision for GAO to assess the levels and impacts of borrowed military personnel. This report examines DOD's and the military services' policies on the use of borrowed military personnel, the tracking and reporting of their use of borrowed military personnel, and any impacts of that use on readiness. For more information, contact Cary Russell at (202)512-5431 or RussellC@gao.gov.
    [Read More…]
  • Azerbaijan Travel Advisory
    In Travel
    Reconsider travel to [Read More…]
  • How Engineers at NASA JPL Persevered to Develop a Ventilator
    In Space
    As coronavirus hit, JPL [Read More…]
  • Spinoff Highlights NASA Technology Paying Dividends in the US Economy
    In Space
    NASA’s technology [Read More…]
  • Justice Department Files Enforcement Action Against Bain& Company As Part of Its Investigation Into Visa Inc’s Proposed Acquisition of Plaid Inc
    In Crime News
    Today, the Department of Justice filed a petition in the U.S. District Court for the District of Massachusetts to enforce Bain & Company’s compliance with the department’s Civil Investigative Demand (CID).  
    [Read More…]
  • Belgium Travel Advisory
    In Travel
    Reconsider travel to [Read More…]
  • Chief Justice Names Conference Committee Chairs
    In U.S Courts
    Chief Justice John G. Roberts, Jr. has named eight new chairs of Judicial Conference committees and extended the term of a current chair by one year. 
    [Read More…]
  • Additional Restrictions on the Issuance of Visas for People’s Republic of China Officials Engaged in Human Rights Abuses
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Justice Department Commends ASCAP and BMI’s Launch of SONGVIEW
    In Crime News
    On Dec. 21, 2020, The American Society of Composers (ASCAP) and Broadcast Music, Inc. (BMI), the two largest performance rights organizations (PROs) in the United States, announced the launch of SONGVIEW, a “comprehensive data platform that provides music users with an authoritative view of public performance copyright ownership and administration shares for the vast majority of music licensed in the United States.”[1]
    [Read More…]
  • Taiwan Company Pleads Guilty to Trade Secret Theft in Criminal Case Involving PRC State-Owned Company
    In Crime News
    The Department of Justice today announced that United Microelectronics Corporation, Inc. (UMC), a Taiwan semiconductor foundry, pleaded guilty to criminal trade secret theft and was sentenced to pay a $60 million fine, in exchange for its agreement to cooperate with the government in the investigation and prosecution of its co-defendant, a Chinese state-owned-enterprise.
    [Read More…]
  • Botswana Travel Advisory
    In Travel
    Reconsider travel [Read More…]
  • Security at the 2019 Women’s World Cup nearing the final goal
    In Crime Control and Security News
    Angela French, DSS [Read More…]
  • OSCE Moscow Mechanism Report Details Widespread Rights Violations in Belarus
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Equatorial Guinea Travel Advisory
    In Travel
    Reconsider travel to [Read More…]
  • Environment and Natural Resources Division Distributes Memorandum Summarizing Enforcement Policies and Priorities
    In Crime News
    On Friday, the Environment and Natural Resources Division publicly distributed a memorandum summarizing important principles and priorities for environmental enforcement. The memorandum, issued Jan. 14 by outgoing Assistant Attorney General Jeffrey Bossert Clark, emphasizes that robust enforcement of our nation's environmental laws remains one of the division’s highest priorities. It emphasizes that, when engaged in criminal and civil enforcement, it is important that the division continue to enhance the fair and impartial application of the law.
    [Read More…]
  • French Polynesia Travel Advisory
    In Travel
    Reconsider travel [Read More…]
  • United States Sanctions Two Hizballah Officials
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • ISIS Militants Charged With Deaths Of Americans In Syria
    In Crime News
    Two militant fighters for the Islamic State of Iraq and al-Sham (ISIS), a foreign terrorist organization, are expected to arrive in the United States today in FBI custody on charges related to their participation in a brutal hostage-taking scheme that resulted in the deaths of four American citizens, as well as the deaths of British and Japanese nationals, in Syria.
    [Read More…]
  • Iran Threatening to Expel UN Investigators
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Secretary Pompeo’s Meeting with Vietnamese Prime Minister Phuc
    In Crime Control and Security News
    Office of the [Read More…]
  • Secretary Blinken’s Call with UN Secretary-General Antonio Guterres
    In Crime Control and Security News
    Office of the [Read More…]
  • Former Police Officer and Gangster Disciples Member Sentenced to Prison
    In Crime News
    A former DeKalb County, Georgia, police officer and member of the Gangster Disciples was sentenced to 15 years in prison followed by five years of supervised release for racketeering conspiracy involving murder, announced Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division and U.S. Attorney Byung J. “BJay” Pak of the Northern District of Georgia.
    [Read More…]
  • New 3D Mapping Technique Improves Landslide Hazard Prediction
    In Space
    Landslides cause loss of [Read More…]
  • Las Vegas Resident Sentenced to Prison for Elder Fraud Scheme
    In Crime News
    A Las Vegas resident who participated in a fraudulent prize-notification scheme that bilked victims out of more than $9 million was sentenced today to federal prison, the Department of Justice announced.
    [Read More…]
  • Oman Travel Advisory
    In Travel
    Do not travel to Oman [Read More…]
  • Secretary Michael R. Pompeo With Alex Marlow of Breitbart News Radio on SiriusXM Patriot
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Sao Tome and Principe Travel Advisory
    In Travel
    Reconsider travel to Sao [Read More…]
  • Defendant Pleads Guilty In Multi-Million Dollar Prize Notification Scam Affecting Elderly Victims
    In Crime News
    A Las Vegas area resident charged with perpetrating a prize-notification scheme that bilked victims out of more than $10 million pleaded guilty today, the Department of Justice announced.
    [Read More…]
  • Secretary Michael R. Pompeo At the Three Seas Virtual Summit and Web Forum
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Hungary Travel Advisory
    In Travel
    Reconsider travel to [Read More…]
  • Keynote Remarks at the 5th Annual Papua New Guinea Women’s Forum
    In Women’s News
    Joel Maybury, Acting [Read More…]
  • The Department of State Breaks Ground for New U.S. Consulate General in Casablanca
    In Crime Control and Security News
    Office of the [Read More…]
  • Medicaid Information Technology: Effective CMS Oversight and States’ Sharing of Claims Processing and Information Retrieval Systems Can Reduce Costs
    In U.S GAO News
    The Centers for Medicare and Medicaid Services (CMS) has reimbursed billions of dollars to states for the development, operation, and maintenance of claims processing and information retrieval systems—the Medicaid Management Information Systems (MMIS) and Eligibility and Enrollment (E&E) systems. Specifically, from fiscal year 2008 through fiscal year 2018, states spent a total of $44.1 billion on their MMIS and E&E systems. CMS reimbursed the states $34.3 billion of that total amount (see figure). Money Spent by States and Reimbursed by CMS from 2008–2018 for Medicaid Management Information Systems (MMIS) and Eligibility and Enrollment (E&E) Systems For fiscal years 2016 through 2018, CMS approved 93 percent and disapproved 0.4 percent of MMIS funding requests, while for E&E it approved 81 percent and disapproved 1 percent of the requests. The remaining 6.6 percent of MMIS requests and 18 percent of E&E requests were either withdrawn by states or were pending. GAO estimates that CMS had some level of supporting evidence of its review for about 74 percent of MMIS requests and about 99 percent of E&E requests. However, GAO estimates that about 100 percent of E&E requests and 68 percent of MMIS requests lacked pertinent information that would be essential for indicating that a complete review had been performed. Among CMS requirements for system implementation funding is that states submit an alternatives analysis, feasibility study, and cost benefit analysis. However, GAO found that about 45 percent of such requests it sampled for fiscal years 2016 through 2018 did not include these required documents. The above weaknesses were due, in part, to a lack of formal, documented procedures for reviewing state funding requests. CMS also lacked a risk-based process for overseeing systems after federal funds were provided. CMS provided helpful comments and recommendations to states in selected cases, but in other instances it did not. In two states that had contractors struggling to deliver successful projects, state officials said they had not received recommendations or technical assistance from CMS. The states eventually terminated the projects after spending a combined $38.5 million in federal funds. According to CMS officials, they rely largely on states to oversee systems projects. This perspective is consistent with a 2018 Office of Management and Budget (OMB) decision that federal information technology (IT) grants totaling about $9 billion annually would no longer be tracked on OMB's public web site on IT investment performance. Accordingly, the CMS and Health and Human Services chief information officers (CIO) are not involved in overseeing MMIS or E&E projects. Similarly, 21 of 47 states responding to GAO's survey reported that their state CIO had little or no involvement in overseeing their MMISs. Such non-involvement of officials with duties that should be heavily focused on successful acquisition and operation of IT projects could be hindering states' ability to effectively implement systems. To improve oversight, CMS has begun a new outcome-based initiative that focuses the agency's review of state funding requests on the successful achievement of business outcomes. However, as of February 2020, CMS had not yet established a timeline for including MMIS and E&E systems in the new outcome-based process. CMS had various initiatives aimed at reducing duplication of Medicaid systems (see table). Description and Status of Centers for Medicare and Medicaid Services Initiatives Aimed at Reducing Duplication by Sharing, Leveraging, and Reusing Medicaid Information Technology Initiative Description Implementation status Number of surveyed states reporting use of the initiative Reuse Repository Used by states to collect and share reusable artifacts. Made available in August 2017. As of January 2020, CMS was no longer supporting this initiative. 25 of the 50 reporting states Poplin Project Was to provide free, open-source application program interfaces for states to use in developing their modular Medicaid systems. Initiative never fully implemented. As of January 2020, CMS was no longer supporting this initiative. Three of the 50 reporting states Open Source Provider Screening Module Open-source module for states to use at no charge. Made available in August 2018. As of January 2020, CMS was no longer supporting this initiative. One of the 50 states reported attempting to use the module. Medicaid Enterprise Cohort Meetings A forum where states can discuss sharing, leveraging, and/or reuse of Medicaid technologies. As of January 2020, Cohort meetings were being held on a monthly basis. 47 of the 50 states reported participating in the meetings. Source: GAO analysis of agency data. | GAO-20-179 However, as of January 2020, the agency was no longer supporting most of these initiatives because they failed to produce the desired results. CMS regulations and GAO's prior work have highlighted the importance of reducing duplication by sharing and reusing Medicaid IT. To illustrate the potential for reducing duplication, 53 percent of state Medicaid officials responding to our survey reported using the same contractor to develop their MMIS. Nevertheless, selected states are taking the initiative to share systems or modules. Further support by CMS could result in additional sharing initiatives and potential cost savings. The Medicaid program is the largest source of health care funding for America's most at-risk populations and is funded jointly by states and the federal government. GAO was asked to assess CMS's oversight of federal expenditures for MMIS and E&E systems used for Medicaid. This report examines (1) the amount of federal funds that CMS has provided to state Medicaid programs to support MMIS and E&E systems, (2) the extent to which CMS reviews and approves states' funding requests for the systems and oversees the use of these funds, and (3) CMS's and states' efforts to reduce potential duplication of Medicaid IT systems. GAO assessed information related to MMIS and E&E systems, such as state expenditure data, federal regulations, and CMS guidance to the states for submitting funding requests, states' system funding requests, and IT project management documents. GAO also evaluated a generalizable sample of approved state funding requests from fiscal years 2016 through 2018 to analyze, among other things, CMS's review and approval process and conducted interviews with agency and state Medicaid officials. GAO also reviewed relevant regulations and guidance on promoting, sharing, and reusing MMIS and E&E technologies; and surveyed 50 states and six territories (hereafter referred to as states) regarding the MMIS and E&E systems, and assessed the complete or partial responses received from 50 states. GAO is making nine recommendations to improve CMS's processes for approving and overseeing the federal funds for MMIS and E&E systems and for bolstering efforts to reduce potential duplication. Among these recommendations are that CMS should develop formal, documented procedures that include specific steps to be taken in the advanced planning document review process and instructions on how CMS will document the reviews; develop, in consultation with the HHS and CMS CIOs, a documented, comprehensive, and risk-based process for how CMS will select IT projects for technical assistance and provide recommendations to assist states that is aimed at improving the performance of the systems; encourage state Medicaid program officials to consider involving state CIOs in overseeing Medicaid IT projects; establish a timeline for implementing the outcome-based certification process for MMIS and E&E systems; and identify, prior to approving funding for systems, similar projects that other states are pursuing so that opportunities to share, leverage, or reuse systems or system modules are considered. In written comments on a draft of this report, the department concurred with eight of the nine recommendations, and described steps it had taken and/or planned to take to address them. The department did not state whether it concurred with GAO's recommendation to encourage state officials to consider involving state CIOs in Medicaid IT projects. HHS stated that it was unable to discern evidence as to whether a certain structure contributed to a specific outcome. GAO believes, consistent with federal law, that CIOs are critically important to the success of IT projects. For more information, contact Vijay D’Souza at (202) 512-6240 or dsouzav@gao.gov.
    [Read More…]
  • Man Sentenced for Operating Multi-Million Dollar International Money Laundering Scheme
    In Crime News
    A Ukrainian man was sentenced today to 87 months in prison and ordered to pay $98,751.64 in restitution after pleading guilty to committing wire fraud, stemming from his participation in a scheme to launder funds for Eastern European cybercriminals who hacked into and stole funds from online bank accounts of U.S. businesses.
    [Read More…]
  • U.S. Welcomes First Meeting of the Afghanistan High Council for National Reconciliation Leadership Committee
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • On the Passing of Former Marshallese President Litokwa Tomeing
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Marketing Company Agrees to Pay $150 Million for Facilitating Elder Fraud Schemes
    In Crime News
    Epsilon Data Management LLC (Epsilon), one of the largest marketing companies in the world, has entered into a settlement with the Department of Justice to resolve a criminal charge for selling millions of Americans’ information to perpetrators of elder fraud schemes.
    [Read More…]
  • North Carolina Return Preparer Indicted for Tax Fraud Scheme
    In Crime News
    A federal grand jury sitting in Greenville, North Carolina, returned an indictment charging a North Carolina tax preparer with conspiracy to defraud the United States and with preparing false returns for clients, announced Principal Deputy Assistant Attorney General Richard E. Zuckerman of the Justice Department’s Tax Division and U.S. Attorney Robert J. Higdon, Jr. for the Eastern District of North Carolina.
    [Read More…]
  • Sanctions on Iran’s Financial Institutions
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Vermont Man Charged with Hiring Person to Kidnap and Kill a Man in a Foreign Country, and Producing and Receiving Child Pornography
    In Crime News
    A federal grand jury in the District of Vermont returned a third superseding indictment today against a Burlington man for conspiring to kidnap and kill a man in a foreign country, murder for hire, and five child pornography offenses.
    [Read More…]
  • Attack on Kurdistan Democratic Party Baghdad Office
    In Crime Control and Security News
    Morgan Ortagus, [Read More…]
  • Visa and Plaid Abandon Merger After Antitrust Division’s Suit to Block
    In Crime News
    The Department of Justice announced today that Visa Inc. and Plaid Inc. have abandoned their planned $5.3 billion merger.
    [Read More…]
  • Eight Individuals Charged With Conspiring to Act as Illegal Agents of the People’s Republic of China
    In Crime News
    A complaint and arrest warrants were unsealed today in federal court in Brooklyn charging eight defendants with conspiring to act in the United States as illegal agents of the People’s Republic of China (PRC).  Six defendants also face related charges of conspiring to commit interstate and international stalking.  The defendants, allegedly acting at the direction and under the control of PRC government officials, conducted surveillance of and engaged in a campaign to harass, stalk, and coerce certain residents of the United States to return to the PRC as part of a global, concerted, and extralegal repatriation effort known as “Operation Fox Hunt.” 
    [Read More…]
  • Statement Of AAG Makan Delrahim Thanking Participants In Workshop On Competition In The Licensing Of Public Performance Rights In The Music Industry
    In Crime News
    On Wednesday July 29, the Justice Department’s Antitrust Division concluded its two-day virtual workshop on competition in the licensing of public performance rights in the music industry.
    [Read More…]
  • Agile Assessment Guide: Best Practices for Agile Adoption and Implementation
    In U.S GAO News
    From September 28, 2020 through September 27, 2021, GAO is seeking input and feedback on this Exposure Draft from all interested parties. Please click on this link https://tell.gao.gov/agileguide to provide us with comment on the Guide. The U.S. Government Accountability Office is responsible for, among other things, assisting Congress in its oversight of the executive branch, including assessing federal agencies' management of information technology (IT) systems. The federal government annually spends more than $90 billion on IT. However, federal agencies face challenges in developing, implementing, and maintaining their IT investments. All too frequently, agency IT programs have incurred cost overruns and schedule slippages while contributing little to mission-related outcomes. Accordingly, GAO has included management of IT acquisitions and operations on its High Risk List. Recognizing the severity related to government-wide management of IT, in 2014, the Congress passed and the President signed federal IT acquisition reform legislation commonly referred to as the Federal Information Technology Acquisition Reform Act, or FITARA. This legislation was enacted to improve agencies' acquisition of IT and enable Congress to monitor agencies' progress and hold them accountable for reducing duplication and achieving cost savings. Among its specific provisions is a requirement for Chief Information Officers (CIOs) at covered agencies to certify that certain IT investments are adequately implementing incremental development as defined in the Office of Management and Budget's capital planning guidance. One such framework for incremental development is Agile software development, which has been adopted by many federal agencies. The Agile Assessment Guide discusses best practices that can be used across the federal government for Agile adoption, execution, and program monitoring and control. Use of these best practices should enable government programs to better transition to and manage their Agile programs. GAO has developed this guide to serve multiple audiences: The primary audience for this guide is federal auditors. Specifically, the guide presents best practices that can be used to assess the extent to which an agency has adopted and implemented Agile methods. Organizations and programs that have already established policies and protocols for Agile adoption and execution can use this guide to evaluate their existing approach to Agile software development. Organizations and programs that are in the midst of adopting Agile software development practices and programs that are planning to adopt such practices can also use this guide to inform their transitions. For more information, contact Carol Harris at (202) 512-4456 or harriscc@gao.gov.
    [Read More…]
  • United States Designates Senior Iranian Official in Iraq
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Judicial and Legislative Branches to Continue Discussions on Judiciary Case Management Bill
    In U.S Courts
    The Judicial Conference of the United States expressed its opposition to the version of a bill passed by the House this week, saying it “will have devastating budgetary and operational impact on the Judiciary and our ability to serve the public” by imposing radical and costly changes on the Third Branch’s electronic case management system without adequate funding.
    [Read More…]
  • Arrests Made in Conspiracy to Illegally Manufacture Firearms
    In Crime News
    On Oct. 20, 2020, a former United States Marine Lance Corporal, recently stationed at Camp Lejeune in Jacksonville, North Carolina, and two co-defendants were arrested in Boise, Idaho on the federal charge of conspiracy to unlawfully manufacture, possess, and distribute various weapons, ammunition, and suppressors.  Liam Montgomery Collins, 21, and Paul James Kryscuk, 35, recently of Boise, were charged via an indictment, while Jordan Duncan, 25, a North Carolina native also currently residing in Boise, was charged via a complaint, both obtained in the Eastern District of North Carolina.
    [Read More…]
  • Rule of Law Assistance: State and USAID Could Improve Monitoring Efforts
    In U.S GAO News
    The Department of State (State) Bureau of International Narcotics and Law Enforcement Affairs (State/INL) and the U.S. Agency for International Development (USAID) provided sufficient documentation for GAO to conclude that they followed most key practices for monitoring rule of law assistance for the awards we reviewed from selected countries. However, the agencies did not provide sufficient documentation demonstrating that they followed other key practices. Overall, State/INL followed these practices in most cases and USAID did so in almost all cases. Specifically, GAO's review of 19 State/INL and USAID projects found that USAID in all cases, and State/INL in most cases, followed key practices for planning a monitoring approach, such as developing project goals, objectives, and performance indicators. However, State/INL did not consistently demonstrate that project representatives included project goals and objectives in monitoring plans, and did not consistently identify risks in those plans (see fig.). Furthermore, neither agency could demonstrate that project representatives consistently assessed and approved monitoring reports from implementing partners. Following key monitoring practices helps to ensure that agencies stay well-informed of project performance and take corrective action when necessary, and that projects achieve their intended results. Without complete documentation, management cannot be sure that these practices are being followed. State/INL and USAID Alignment with Key Practices for Monitoring Rule of Law Assistance State and USAID have various processes to conduct, share, and use rule of law project evaluations to improve future efforts. Both agencies disseminate evaluations through online systems, briefings, and presentations, and have established approaches to track the implementation of evaluation recommendations, such as through spreadsheets or other documentation. The agencies use these evaluations in various ways to inform project design and strategic planning. Rule of law strengthens protection of fundamental rights and serves as a foundation for democratic governance and economic growth. According to State, strengthening judicial and legal systems in certain countries is vital to U.S. national security interests. State and USAID allocated over $2.7 billion for rule of law assistance overseas from fiscal years 2014 through 2018. GAO was asked to review monitoring and evaluation of U.S. rule of law assistance around the world. This report examines, among other objectives, the extent to which the agencies followed key practices for monitoring rule of law projects in selected countries, and processes agencies have in place to use evaluations to inform future rule of law assistance. GAO analyzed relevant laws and agency policies and other documents, and interviewed officials in Washington, D.C., and four countries—Colombia, Kosovo, Liberia, and the Philippines—selected based on funding amounts and other factors. GAO recommends that State/INL establish procedures to ensure project goals, objectives, and risks are identified in monitoring plans. GAO also recommends that State/INL establish and USAID enhance procedures to ensure project staff assess and approve monitoring reports. State and USAID concurred with GAO's recommendations. For more information, contact Chelsa Kenney Gurkin at (202) 512-2964 or gurkinc@gao.gov.
    [Read More…]