Health IT

Safeguarding Pentagon health records

Shutterstock image (by Sergey Nivens): close up of a scientist's hand holding a glass dish.

Hackers have healthcare data firmly in their sights, but Capt. John Windom is keen to keep the Pentagon's massive health records system from being the next breach victim.

"I can assure you ... [we] are very attentive to the cybersecurity and security measures that not only have already been implemented but that are forthcoming," Windom, program manager for the multibillion dollar Defense Healthcare Management Systems Modernization project, told FCW Oct. 27.

"We're going to be probing potential vulnerability areas time and time again to ensure that prior to deployment within the framework of our DOD healthcare enterprise," the security environment is appropriately tested, added Windom, who spoke to FCW after his appearance at a National Defense Industrial Association conference in Springfield, Va.

The Navy captain said he has paid close attention to high-profile security failings like the breach of the Office of Personnel Management, adding that Frank Kendall, the Pentagon's top acquisition official, expects as much from his program managers.

The multibillion dollar DHMSM contract, awarded in July to the team of Leidos, Cerner and Accenture, is to deliver a single commercial health records product that serves 9.6 million people, and is interoperable with the Veterans Affairs' Vista health records system and with private-sector systems.

The cyber stakes for health data are high. Earlier this year, two big health insurers, Anthem Inc. and Premera Blue Cross, revealed they had been breached in hacks that affected millions of people.  

Meanwhile, retired Gen. Keith Alexander, the former head of the National Security Agency and U.S. Cyber Command, has said hackers could be exploring the ability to manipulate health data as a new form of cyber mischief.

Windom said his team is on track to implement the DHMSM project, but that there will not be any shortchanging of security requirements or other due diligence. "We will not let schedule dictate us not doing what's right," he said.

The commercial off-the-shelf nature of the DHMSM product meant that the Pentagon staff responsible for testing and evaluating the program did not have to be overly cautious with up-front testing, according to Windom.

"What we don't want to do is undermine that objective by being overly restrictive in the way we test," he said. "Cerner has a $600 million-plus R&D budget…So in order for us to leverage and capitalize on the off-the-shelf solution, we want to use a similar [testing] baseline."

About the Author

Sean Lyngaas is a former FCW staff writer.


  • FCW Perspectives
    zero trust network

    Can government get to zero trust?

    Today's hybrid infrastructures and highly mobile workforces need the protection zero trust security can provide. Too bad there are obstacles at almost every turn.

  • Cybersecurity
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    NDAA process is now loaded with Solarium cyber amendments

    Much of the Cyberspace Solarium Commission's agenda is being pushed into this year's defense authorization process, including its crown jewel idea of a national cyber director.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.