Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

  • About HHS
  • Programs & Services
  • Grants & Contracts
  • Laws & Regulations
  • Radical Transparency
  • Big Wins
Breadcrumb
  1. Home
  2. About
  3. Budget
  4. HHS FY 2021 Budget in Brief
  5. FY 2021 Annual Performance Plan and Report
  6. FY 2021 - Goal 5 Objective 4
  • HHS Family of Agencies
    • HHS Agencies & Offices
    • Regional Offices
    • Advisory Committees, Task Forces & Initiatives
    • Organizational Chart
  • Leadership
  • Budget & Performance
    • FY 2025 Contingency Staffing Plan
    • FY 2025 Budget in Brief
    • FY 2025 Annual Performance Plan and Report
    • FY 2024 Contingency Staffing Plan
    • FY 2024 Annual Performance Plan and Report
    • FY 2023 Contingency Staffing Plan
    • FY 2023 Annual Performance Plan and Report
    • FY 2022 Contingency Staffing Plan
    • FY 2022 Annual Performance Plan and Report
    • FY 2021 Contingency Staffing Plan
    • FY 2021 Annual Performance Plan and Report
    • FY 2020 Contingency Staffing Plan
    • FY 2020 Annual Performance Report
  • Press Room
  • I Am HHS
  • Careers

FY 2021 Annual Performance Plan and Report - Goal 5 Objective 4

Fiscal Year 2021
Released March, 2020
 

Topics on this page: Goal 5. Objective 4 | Objective 5.4 Table of Related Performance Measures


Goal 5. Objective 4: Protect the safety and integrity of our human, physical, and digital assets

Providing security for HHS involves more than preventing breaches or cybersecurity attacks.  The Department’s OpDivs and StaffDivs participate in efforts to preserve physical security; personnel security and suitability; security awareness; information security, including the safeguarding of sensitive and classified material; and security and threat assessments.  In addition, the Department has established a network of scientific, public health, and security professionals internally, as well as points of contact in other agencies, in the intelligence community, and in the Information Sharing Environment Council.  The Department has specialized staff to provide policy direction to facilitate the identification of potential vulnerabilities or threats to security, conduct analyses of potential or identified risks to security and safety, and work with agencies to develop methods to address them.

The Office of the Secretary leads this objective. All divisions contribute to the achievement of this objective. HHS  believes performance toward this objective is progressing. The narrative below provides a brief summary of progress made and achievements or challenges, as well as plans to improve or maintain performance.

Objective 5.4 Table of Related Performance Measures

Decrease the Percentage of Susceptibility among personnel to phishing (Lead Agency - ASA; Measure ID - 3.5)

  FY 2014 FY 2015 FY 2016 FY 2017 FY 2018 FY 2019 FY 2020 FY 2021
Target N/A N/A N/A N/A Baseline 6.8% 6.5% 6.2%
Result N/A N/A N/A N/A 7% 4.5% 12/31/20 12/31/21
Status N/A N/A N/A N/A Actual Target Met Pending Pending

Phishing is a fraudulent attempt to obtain sensitive information, like user names and passwords, to access a system or network.  HHS provides training, education, and tools (e.g., email add-in) to reduce the likelihood of staff mistaking phishing email attempts for legitimate communications over time.  In order to mitigate future breaches, HHS focuses on vulnerabilities to phishing attacks and other cyber threats.  In FY 2020 HHS will continue training and phishing exercises to assess progress.

Maintain the number of days since last major incident of personally identifiable information (PII) breach (Lead Agency - ASA; Measure ID - 3.6)53

  FY 2014 FY 2015 FY 2016 FY 2017 FY 2018 FY 2019 FY 2020 FY 2021
Target N/A N/A N/A N/A Baseline 365 366 365
Result N/A N/A N/A N/A 365 365 9/20/20 9/20/21
Status N/A N/A N/A N/A Actual Target Met Pending Pending

If an employee misuses, loses, or otherwise compromises PII, the action results in steep financial costs and damage to the Department’s reputation. The Department is committed to protecting PII from misuse. HHS has developed a privacy program for the protection of personally identifiable information that the Department information systems collect, use, maintain, share, and expunges. 54 This measure tracks the number of days in a fiscal year since a major harm incident. A major data breach has not occurred in more than 730 days. HHS will continue to train staff in protecting and safeguarding PII.


53 HHS has updated the FY 2020 target for this measure to reflect that this is a leap year.

54 A major harm incident is any incident that is likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.


<< Return to Topics in this Report

Top of page

Evidence Building Efforts >>

 

Content created by Office of Budget (OB)
Content last reviewed March 11, 2020
Back to top

Subscribe to Email Updates

Receive the latest updates from the Secretary and Press Releases.

Subscribe
  • Contact HHS
  • Careers
  • HHS FAQs
  • Nondiscrimination Notice
  • Press Room
  • HHS Archive
  • Accessibility Statement
  • Privacy Policy
  • Budget/Performance
  • Inspector General
  • Web Site Disclaimers
  • EEO/No Fear Act
  • FOIA
  • The White House
  • USA.gov
  • Vulnerability Disclosure Policy
HHS Logo

HHS Headquarters

200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll Free Call Center: 1-877-696-6775​

Follow HHS

Follow Secretary Kennedy