
GAO: Federal EHR Cybersecurity Needs Stronger Governance, Clearer Accountability

4 days ago 6


As healthcare organizations continue to face an escalating cyber threat environment, a new report from the U.S. Government Accountability Office (GAO) underscores that technology alone is not enough to protect electronic health records. Strong governance, measurable goals, and coordinated leadership are equally critical.

The report examines cybersecurity oversight of the federal electronic health record (EHR)—a shared Oracle Health Millennium platform used by the Department of Defense (DOD), Department of Veterans Affairs (VA), U.S. Coast Guard, and National Oceanic and Atmospheric Administration. When fully deployed, the system will support more than 500,000 users caring for over 18 million beneficiaries, making it one of the nation's largest EHR environments.

Although GAO found that the Federal Electronic Health Record Modernization (FEHRM) office has established a collaborative governance structure and helped coordinate cybersecurity efforts among participating agencies, the audit concluded that significant management gaps remain. Specifically, FEHRM has not established common cybersecurity goals, measurable outcomes, or performance metrics to evaluate whether collaboration is effectively reducing cyber risk.

The findings come as healthcare cybersecurity continues to receive heightened attention following major ransomware attacks that have disrupted care delivery nationwide. The report points to the 2024 cyberattack that disrupted prescription processing across the healthcare sector, causing delays at military pharmacies and creating a backlog of approximately 1 million VA prescription claims.

For health system executives, the report reinforces a broader lesson that extends beyond the federal government: governance must evolve alongside cybersecurity technology. Organizations operating complex, multi-entity clinical environments cannot rely solely on technical controls. They also need clearly defined leadership responsibilities, measurable objectives, and ongoing accountability for collaborative security efforts.

GAO noted that FEHRM has successfully implemented several collaborative activities, including regular interagency cybersecurity meetings, tabletop exercises, joint governance boards, and coordination around configuration management and incident response. However, several planned initiatives—including a Joint Security Operations Center and an interagency cyber assessment—were either modified or discontinued because of organizational and staffing challenges.

Perhaps most concerning, GAO found that FEHRM fully met only five of eight leading practices for effective interagency collaboration. It partially met the practices related to defining common outcomes and sustaining leadership, and it did not meet the practice of ensuring accountability because it lacks performance measures to monitor cybersecurity collaboration.

GAO's recommendations

Rather than recommending new cybersecurity technologies, GAO focused on strengthening governance and oversight. It recommends that DOD and VA direct FEHRM to:

  • Establish clear, shared cybersecurity and privacy goals across participating agencies.
  • Define measurable short- and long-term outcomes for protecting the federal EHR.
  • Develop performance measures that track progress against those goals.
  • Regularly monitor, assess, and communicate results to agency leadership and Congress.
  • Strengthen accountability by tying collaborative activities to measurable outcomes rather than simply documenting that collaboration occurred.

Why it matters for healthcare leaders

While the report focuses on the federal EHR, its conclusions have implications across the healthcare industry. Many health systems today operate increasingly interconnected environments involving affiliated hospitals, physician groups, pharmacies, health information exchanges, cloud vendors, and third-party technology partners.

As these ecosystems expand, cybersecurity becomes as much a governance challenge as a technical one. Healthcare organizations should consider whether they have:

  • Clearly defined cybersecurity objectives shared across all participating organizations.
  • Executive-level accountability for cross-organizational cyber risk.
  • Meaningful performance metrics that measure collaboration—not simply compliance.
  • Formal incident response processes that span organizational boundaries.
  • Leadership succession and governance structures capable of sustaining long-term cybersecurity programs.

The GAO concludes that without clearly articulated goals and measurable performance indicators, organizations risk being unable to demonstrate whether collaborative cybersecurity efforts are actually improving resilience. For healthcare leaders, the message is straightforward: effective cyber defense depends not only on stronger technology, but also on stronger governance, shared accountability, and measurable outcomes.
