CHICAGO—One of the major contenders for the massive, multibillion dollar contract to modernize the Defense Department's electronic health records system is publicly touting its cybersecurity capabilities at this year's HIMSS conference.
Leidos, which is partnered with Cerner and Accenture on the bidding, claims it will bring superior cybersecurity skills to the job. In an age when Chinese and North Korean government-sponsored hackers are prime suspects for every security breach, it's a skill set the Pentagon will likely have high on its list of priorities when it makes the final determination.
Of course, Leidos' promotion campaign, which has included aggressive advertising in inside-the-Beltway publications like Politico, doesn't mean the other players in the field are necessarily lacking in the cybersecurity department. They're just not talking about it.
The other bidders include an Epic and IBM team and an Allscripts, Hewlett Packard and Computer Sciences Corp. consortium. Representatives for IBM and Allscripts said no events were scheduled at HIMSS. Epic did not respond a request for comment.
Leidos, on the other hand, was downright chatty. Its officials said serving the armed forces, which is constantly being moved around on virtually every continent, will make cybersecurity a major challenge. “Every piece of interoperability poses more challenges in terms of security,” said Michael Leiter, Leidos' vice president for business development. Rather than use locally-hosted data servers, Defense is asking to use a hot trend: cloud technology. That's because it is easier to use, as it is difficult to deploy servers in remote locations.
That's better for security, Leiter argued. It makes it easier to monitor more centrally-stored data; to update security services protecting that data; and to prohibit unsafe user practices (such as having a comically simple passwords).
The Pentagon will lead the way in moving healthcare institutions toward “private clouds,” he claimed, where data and software are hosted remotely but not necessarily commingled with other institutions' data.
In 2011, military health system Tricare reported that records for 4.9 million patients were breached when Leidos (formerly Science Applications International Corp.), then a contractor for the system's insurance carrier, lost backup tapes used to store EHR data for patients in the San Antonio area. The tapes were stolen from the car of an employee transporting them to an off-site storage facility.
While Leiter did not mention that data breach specifically, he noted that risks of misplaced laptops and other similar mishaps are common and difficult to eradicate, noting that it doesn't matter what technology a given system has when some errors occur.
With other contenders remaining mum on their bids, it's hard to know if Leidos brings unique capabilities to the table on this crucial issue—beyond the willingness to talk about it publicly.