Health IT

Safeguarding Pentagon health records

Hackers have healthcare data firmly in their sights, but Capt. John Windom is keen to keep the Pentagon's massive health records system from being the next breach victim.

"I can assure you ... [we] are very attentive to the cybersecurity and security measures that not only have already been implemented but that are forthcoming," Windom, program manager for the multibillion-dollar Defense Healthcare Management Systems Modernization project, told FCW Oct. 27.

"We're going to be probing potential vulnerability areas time and time again to ensure that prior to deployment within the framework of our DOD healthcare enterprise," the security environment is appropriately tested, added Windom, who spoke to FCW after his appearance at a National Defense Industrial Association conference in Springfield, Va.

The Navy captain said he has paid close attention to high-profile security failings like the breach of the Office of Personnel Management, adding that Frank Kendall, the Pentagon's top acquisition official, expects as much from his program managers.

The multibillion-dollar DHMSM contract, awarded in July to the team of Leidos, Cerner and Accenture, is to deliver a single commercial health records product that serves 9.6 million people and is interoperable with the Veterans Affairs' Vista health records system and with private-sector systems.

The cyber stakes for health data are high. Earlier this year, two big health insurers, Anthem Inc. and Premera Blue Cross, revealed they had been breached in hacks that affected millions of people.  

Meanwhile, retired Gen. Keith Alexander, the former head of the National Security Agency and U.S. Cyber Command, has said hackers could be exploring the ability to manipulate health data as a new form of cyber mischief.

Windom said his team is on track to implement the DHMSM project, but that there will not be any shortchanging of security requirements or other due diligence. "We will not let schedule dictate us not doing what's right," he said.

The commercial off-the-shelf nature of the DHMSM product meant that the Pentagon staff responsible for testing and evaluating the program did not have to be overly cautious with up-front testing, according to Windom.

"What we don't want to do is undermine that objective by being overly restrictive in the way we test," he said. "Cerner has a $600 million-plus R&D budget…So in order for us to leverage and capitalize on the off-the-shelf solution, we want to use a similar [testing] baseline."

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Connect with him on Twitter: @snlyngaas.
