HHS faces cybersecurity risks after deep IT staff cuts impacted its infrastructure.
A wave of staff reductions at the U.S. Department of Health and Human Services (HHS) is raising serious alarms about the future of the agency’s IT and cybersecurity infrastructure. Multiple current and former employees told WIRED that the recent reduction in force (RIF) has challenged the Office of the Chief Information Officer (OCIO), leaving systems and public health data vulnerable to collapse or cyberattack.
On April 1, HHS employees, many in senior or security-sensitive roles, were informed of their termination, some only realizing they had been cut when their building access was revoked. The layoffs reportedly impacted around half of the OCIO, including top leadership such as the chief of staff, HR director, acquisition director, and even the CIO herself, Jennifer Wendel, who is set to leave next month.
The layoffs have left major functions in limbo. Sources say there is now a vacuum in contract management and cybersecurity oversight, with the agency losing many of the personnel who handled relationships with hundreds of external contractors. These contractors help keep systems operational and defend against potential cyber threats.
According to one former employee who served at HHS for a decade, the systems may soon struggle with functionality. Beyond IT professionals, the RIF also affected thousands of researchers and doctors from agencies like the CDC and FDA, as well as hundreds of administrative staff who supported the security of the nation’s most sensitive health records.
If security patches, system upgrades, and access controls are neglected due to staffing gaps, agencies could lose the ability to safeguard clinical trial data, patient records, and national public health surveillance systems.
An HHS spokesperson stated that some of the fears may be overstated, “The suggestion that critical IT and cybersecurity functions at HHS are being left unsecured is simply untrue.” The agency insisted that operations remain staffed and that it continues to prioritize modernization and public service over internal bureaucracy.
The internal changes could have far-reaching consequences for the integrity of national health systems. HHS oversees not only Medicare and Medicaid but also public health research, disease tracking, and emergency preparedness. Weaknesses in its digital infrastructure could ripple through every aspect of U.S. healthcare.
As cyber threats grow more complex and persistent, agencies like HHS require stability, leadership, and continuous investment in cybersecurity.
The OCIO oversees IT strategy, cybersecurity, data governance, and digital infrastructure across all HHS agencies.
Agencies like HHS manage sensitive health data and national health systems, making them high-value targets for cyberattacks and requiring constant maintenance and oversight.
Yes. HHS and its sub-agencies have been targeted in the past, including ransomware attacks and breaches that exposed health records and agency communications.
Disruptions at HHS could affect everything from Medicare claims processing to vaccine tracking and emergency response readiness if systems fail or data is compromised.