Much of the IT and cybersecurity infrastructure underpinning the US health system is in danger of a possible collapse following a purge of IT staff and leadership at the Department of Health and Human Services (HHS), four current and former agency workers tell WIRED. This could put vast troves of public health data, including the sensitive health records of hundreds of millions of Americans, clinical trial data, and more, at risk of exposure.
As a result of a reduction in force, or RIF, in the Office of the Chief Information Officer (OCIO), the sources say, staff who oversee and renew contracts for critical enterprise services are no longer there. The same staff oversaw hundreds of contractors, some of whom play a crucial role in keeping systems and data safe from cyberattacks. And a void of leadership means that efforts to draw attention to what the sources believe to be a looming catastrophe have allegedly been ignored.
Thousands of researchers, scientists, and doctors lost their jobs earlier this month at HHS agencies critical to ensuring America’s health, such as the Centers for Disease Control and and Prevention (CDC) and the Food and Drug Administration (FDA). Hundreds of administrative staff were also subjected to a reduction in force. Many of these staffers were responsible for helping ensure that the mass of highly personal and sensitive information these agencies collect is kept secure.
Employees who were subject to the RIF, as well as some who remain at the agency, tell WIRED that without intervention, they believe the systems they managed could go dark, potentially putting the entire health care system at risk.
“Pretty soon, within the next couple of weeks, everything regarding IT and cyber at the department will start to operationally reach a point of no return,” one source, who was part of a team that managed these systems at HHS for a decade before being part of the RIF, alleges to WIRED.
Like many across the agency, administrative staff found out they were part of the RIF on April 1 in an email sent at 5 am Eastern, though a number of employees only realized they had been let go when their badges no longer worked when trying to access HHS buildings.
Among those impacted were half of the staff working at the OCIO—around 150 people, including the entire workforce at the Immediate Office of the CIO, which includes senior figures like the chief of staff, HR director, acquisition director, and budget director, sources tell WIRED. The CIO, Jennifer Wendel, who has worked in the federal government for almost three decades, is also departing, sources say, and will end her tenure next month. Wendel did not respond to a request for comment from WIRED.
“The suggestion that critical IT and cybersecurity functions at HHS are being left unsecured is simply untrue,” an HHS spokesperson tells WIRED. “Essential operations at HHS, including contract management and cybersecurity oversight—remain staffed and functional. It’s unfortunate that some former employees are spreading unfounded rumors. HHS remains committed to a secure, modernized HHS that serves the American people, not internal bureaucracy.”
| Got a Tip? |
|---|
| Are you a current or former government employee who wants to talk about what's happening? We'd like to hear from you. Using a nonwork phone or computer, contact the reporter securely on Signal at davidgilbert.01. |
One team that was purged from HHS managed over a hundred contracts worth hundreds of millions of dollars, including crucial cybersecurity licenses. It also managed the renewal of contracts for hundreds of specialized contractors who perform critical tasks for the department, including a dozen cybersecurity contractors who work at the Computer Security Incident Response Center (CSIRC)—the primary component of the department’s overall cybersecurity program which is overseen by the chief information security officer.
While all of HHS’s agencies have their own cybersecurity and IT teams, the CSIRC is the only one that has visibility across the entire network of the department. This center, based in Atlanta, monitors the entire HHS network and is tasked with preventing, detecting, reporting, and responding to cybersecurity incidents at HHS.
“It is the department’s nerve center,” the source says. “It has direct links to DHS, CISA, Defense Health Agency, and the intelligence community.”
The contractors provide round-the-clock coverage on three eight-hour shifts every single day, monitoring the network for any possible outages or attacks from inside or outside the network. Those contracts are set to expire on June 21; while there is time to renew them, it’s not clear who is authorized to do so or knows how, since the entire office that oversees the process is no longer working at HHS.
Adding to the threat is the decision by the General Service Administration to terminate the lease for the CSIRC in Atlanta, effective December 31, 2025.
Many of the cybersecurity and monitoring tools the contractors use to monitor the networks are also due for renewal in the coming months.
If the situation is not addressed, “pretty soon, the department will be completely open to external actors to get at the largest databases in the world that have all of our public health information in them, our sensitive drug testing clinical trial information at the NIH or FDA or different organizations’ mental health records,” the source claims, echoing the opinions of other sources who spoke to WIRED.
In the weeks leading up to the RIF, some administrative staff did have interactions with Elon Musk’s so-called Department of Government Efficiency (DOGE) operatives, including Clark Minor, a software engineer who worked at Palantir for over a decade and was recently installed as the department’s chief information officer.
As one employee was detailing the work they did at the OCIO, they said, they got the sense that Minor—whose online résumé does not detail any experience in the federal government—seemed overwhelmed by the sheer scale of HHS, an agency that accounted for over a quarter of federal spending in 2024 and consists of an almost innumerable amount of offices and staff and operating divisions.
Minor has not provided guidance to the remaining HHS staff on the transition, according to two sources still at the agency.
Minor did not respond to a request for comment from WIRED.
Some internal systems are already breaking down, according to sources still working at HHS. One employee, who facilitates travel for HHS employees, says the RIF “set federal travel back to processes that were in place prior to the first Electronic Travel System contract in 2004.”
While sources who spoke to WIRED differed on exactly when and how the IT and cybersecurity infrastructure at the department might collapse, they all agreed that without a radical intervention in the coming weeks, the fallout could be catastrophic.
"If the US health system lost CMS, FDA, NIH, and CDC functionality indefinitely without warning, and no backup systems were available, this would be an unprecedented systemic shock," one source at the OCIO tells WIRED.
Current HHS workers say they have not been presented with a plan to remedy the looming crisis, and have seen no leadership from either the political appointees or DOGE operatives who have been installed at HHS.
“There is no transition, and those in charge are AWOL,” one person currently working at HHS tells WIRED, echoing the sense of “chaos” found in an in-depth investigation into HHS by Stat. “I’m doing nothing productive. I’m answering emails stating we cannot help, we cannot process, we have no guidance, we cannot operate. This ship has no captain whatsoever, and I’m playing in the band while the Titanic sinks.”
