A team that was removed from the Department of Health and Human Services (HHS) managed over a hundred contracts valued at several hundred million dollars, which included vital cybersecurity licenses. This team also oversaw the renewal of contracts for hundreds of specialized contractors, including a group of cybersecurity contractors working at the Computer Security Incident Response Center (CSIRC). The CSIRC is a key component of the department’s cybersecurity program, directed by the chief information security officer.
Although each agency within HHS maintains its own cybersecurity and IT team, the CSIRC is unique in its comprehensive oversight of the department’s entire network. Located in Atlanta, this center is responsible for monitoring the overall HHS network and is tasked with preventing, detecting, reporting, and responding to cybersecurity incidents.
Described as the department’s “nerve center” by a source, the CSIRC maintains direct links with the Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), Defense Health Agency, and the intelligence community.
The contractors stationed at the CSIRC provide continuous coverage in three eight-hour shifts daily, diligently monitoring the network for outages or attacks from both internal and external sources. However, these contracts will expire on June 21, and with the overseeing office no longer operational at HHS, it remains uncertain who has the authority or knowledge to renew them.
Compounding this risk is the General Services Administration’s decision to end the lease for the CSIRC’s Atlanta location by December 31, 2025. Many cybersecurity and monitoring tools used by these contractors are also approaching their renewal dates.
If the current situation is not resolved, the department could be vulnerable to external threats targeting substantial databases containing public health information, sensitive drug testing clinical trial data at agencies such as the NIH or FDA, and various organizations’ mental health records, according to a source. This view is shared by other sources who have spoken to WIRED.
Prior to the recent reduction in force (RIF), some administrative personnel had meetings with operatives from Elon Musk’s so-called Department of Government Efficiency (DOGE), including Clark Minor, a software engineer with over a decade at Palantir who was appointed as the department’s chief information officer.
An HHS employee reported that during a discussion on OCIO activities, Minor appeared overwhelmed by the vast scale of HHS, an agency responsible for more than a quarter of federal spending in 2024, consisting of numerous offices, staff, and operating divisions. According to two current agency sources, Minor has not provided guidance on the transition to the remaining HHS staff.
WIRED’s request for comment from Minor went unanswered. Internal systems within HHS are reportedly deteriorating. For instance, a staff member responsible for coordinating travel for HHS employees stated that the RIF has regressed federal travel processes to those used before the first Electronic Travel System contract was implemented in 2004.