Health IT

Safeguarding Pentagon health records

Shutterstock image (by Sergey Nivens): close up of a scientist's hand holding a glass dish.

Hackers have healthcare data firmly in their sights, but Capt. John Windom is keen to keep the Pentagon's massive health records system from being the next breach victim.

"I can assure you ... [we] are very attentive to the cybersecurity and security measures that not only have already been implemented but that are forthcoming," Windom, program manager for the multibillion dollar Defense Healthcare Management Systems Modernization project, told FCW Oct. 27.

"We're going to be probing potential vulnerability areas time and time again to ensure that prior to deployment within the framework of our DOD healthcare enterprise," the security environment is appropriately tested, added Windom, who spoke to FCW after his appearance at a National Defense Industrial Association conference in Springfield, Va.

The Navy captain said he has paid close attention to high-profile security failings like the breach of the Office of Personnel Management, adding that Frank Kendall, the Pentagon's top acquisition official, expects as much from his program managers.

The multibillion dollar DHMSM contract, awarded in July to the team of Leidos, Cerner and Accenture, is to deliver a single commercial health records product that serves 9.6 million people, and is interoperable with the Veterans Affairs' Vista health records system and with private-sector systems.

The cyber stakes for health data are high. Earlier this year, two big health insurers, Anthem Inc. and Premera Blue Cross, revealed they had been breached in hacks that affected millions of people.  

Meanwhile, retired Gen. Keith Alexander, the former head of the National Security Agency and U.S. Cyber Command, has said hackers could be exploring the ability to manipulate health data as a new form of cyber mischief.

Windom said his team is on track to implement the DHMSM project, but that there will not be any shortchanging of security requirements or other due diligence. "We will not let schedule dictate us not doing what's right," he said.

The commercial off-the-shelf nature of the DHMSM product meant that the Pentagon staff responsible for testing and evaluating the program did not have to be overly cautious with up-front testing, according to Windom.

"What we don't want to do is undermine that objective by being overly restrictive in the way we test," he said. "Cerner has a $600 million-plus R&D budget…So in order for us to leverage and capitalize on the off-the-shelf solution, we want to use a similar [testing] baseline."

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/Shutterstock.com)

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected