The HHS Inspector General has confirmed it will launch an investigation into the department’s cybersecurity office after two sidelined leaders launched a complaint.
In a statement provided to Healthcare Informatics, an OIG spokesperson said, “The OIG has a general practice of neither confirming nor denying the existence of an investigation being conducted by our office. However, because information has come to light that suggests that the OIG was conducting an investigation involving the Healthcare Cybersecurity and Communications Integration Center (HCCIC), we are willing to acknowledge that an OIG investigation involving HCCIC is/was ongoing. We are not at liberty to provide any further details at this time.”
The statement follows months of controversy at the fledgling cyber office after Chris Wlaschin, HHS’ chief information security officer, put HCCIC executives Leo Scanlon and Maggie Amato on leave in September following allegations of contracting improprieties. Amato left government and the two executives disputed the allegations and complained about mistreatment to Congress.
In a letter sent to HHS Secretary Alex Azar through their attorney, Scanlon and Amato demanded a meeting and complained that HHS has violated the maximum use of administrative leave for Scanlon as the 120-day period expired on February 18. The letter states that Scanlon and Amato were “shocked and surprised” when “they were both recently advised, unequivocally and categorically, by senior investigators from the HHS OIG, that neither of them are currently or were at any time in the past under investigation by the OIG.”
HHS Chief Information Officer Chris Wlaschin also announced his resignation, effective at the end of March, citing family reasons entirely separate from the controversy. He will be replaced by Janet Vogel, currently the deputy chief information officer at the Centers for Medicare & Medicare Services.
In a statement, an HHS spokesperson said, “Janet brings thirty years of federal experience to the position with the last 16 years at CMS. Her broad spectrum of skills in information technology, information security, organizational change, acquisition, and risk mitigation will be key to transforming and expanding HHS’ cyber programs into the healthcare.”