Under the Little RFK, insiders worry that U.S. health agencies are a cybersecurity disaster waiting for disaster

It's only been a few months since RFK Jr. served as head of the Department of Health and Human Services, but unless something changes dramatically, he will be one of the worst health leaders in the agency's history.

Under Kennedy’s watch, HHS fired thousands of employees, including CDC, FDA researchers and scientists, as well as other critical health and scientific institutions that engage in critical research and protect Americans’ health. Meanwhile, massive cuts in funding threaten state and local health programs that rely on government funds. Last week, Kennedy claimed he felt “unfamiliar” with the many cuts he experienced. Now, a new report claims that the government is also in the process of clearing out its IT and cybersecurity teams, a move that puts countless sensitive health and scientific data at risk of online exposure.

Under Kennedy's leadership, HHS has become a massive data breach, waiting to happen, Wired wrote. Major cuts such as the Computer Security Incident Response Center (a team responsible for protecting the agency’s departments from cyber attacks) have led to what government insiders call “imminent disasters.”

The problem is that a large number of executives are responsible for filling positions in mission-critical IT and cybersecurity roles, putting many programs in a difficult position. “The staff who oversee and renew critical enterprise service contracts no longer exist,” the magazine noted. Those missing employees oversee “hundreds of contractors, some of whom play a vital role in keeping systems and data protected from cyberattacks.” In particular, HHS is awaiting “contract renewals for hundreds of professional contractors performing critical missions for the department, including more than a dozen cybersecurity contractors working at the Computer Security Incident Response Center (CSIRC), a major component of the department's overall cybersecurity program, which is the responsibility of the principal information security personnel.”

This is really bad news, as HHS is tasked with maintaining thousands of incredibly sensitive records, including health records and clinical trial data from hundreds of millions of Americans. Sources from the magazine said that if the surrounding cybersecurity protections are shaken, the data could be subject to online attacks. “Soon, in the next few weeks, everything about it and the network of the department will start to be operationally unrewarded,” a source recently released told the magazine.

Clark Minor, the new CIO of the new agency, was also blamed for some liability. Minor, formerly a long-time Palantir employee, took over as CIO at HHS in February. Wired's report quoted anonymous employees as saying the position seemed “overwhelmed” and so far he has not provided any “guidance to the remaining HHS staff” on the current situation.

Gizmodo contacts HHS. “It is untrue to suggest that the critical and cybersecurity features of HHS are not constrained. The basic operations of HHS, including contract management and cybersecurity oversight, include personnel and functionality of personnel, and some former employees are persistently incredible and mean. Not internal bureaucracy.”