Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

  • About HHS
  • Programs & Services
  • Grants & Contracts
  • Laws & Regulations
  • Radical Transparency
  • Big Wins
Breadcrumb
  1. Home
  2. About
  3. Budget
  4. FY2022
  5. Performance
  6. FY 2022 Annual Performance Plan and Report - Goal 5 Objective 4
  • HHS Family of Agencies
    • HHS Agencies & Offices
    • Regional Offices
    • Advisory Committees, Task Forces & Initiatives
    • Organizational Chart
  • Leadership
  • Budget & Performance
    • FY 2025 Contingency Staffing Plan
    • FY 2025 Budget in Brief
    • FY 2025 Annual Performance Plan and Report
    • FY 2024 Contingency Staffing Plan
    • FY 2024 Annual Performance Plan and Report
    • FY 2023 Contingency Staffing Plan
    • FY 2023 Annual Performance Plan and Report
    • FY 2022 Contingency Staffing Plan
    • FY 2022 Annual Performance Plan and Report
    • FY 2021 Contingency Staffing Plan
    • FY 2021 Annual Performance Plan and Report
    • FY 2020 Contingency Staffing Plan
    • FY 2020 Annual Performance Report
  • Press Room
  • I Am HHS
  • Careers

FY 2022 Annual Performance Plan and Report - Goal 5 Objective 4

Fiscal Year 2022
Released June, 2021

Topics on this page: Goal 5. Objective 4 | Objective 5.4 Table of Related Performance Measures


Goal 5. Objective 4: Protect the safety and integrity of our human, physical, and digital assets

Providing security for HHS involves more than preventing breaches or cybersecurity attacks.  The Department's OpDivs and StaffDivs participate in efforts to preserve physical security; personnel security and suitability; security awareness; information security (including the safeguarding of sensitive and classified material); and security and threat assessments.  In addition, the Department has established a network of scientific, public health, and security professionals internally, as well as points of contact in other agencies (e.g., intelligence community and the Information Sharing Environment Council).  The Department has specialized staff to provide policy direction to facilitate the identification of potential vulnerabilities or threats to security, conduct analyses of potential or identified risks to security and safety, and work with agencies to develop methods to address them.

In the previous administration, the Office of the Secretary led this objective.  All divisions contribute to the achievement of this objective.  HHS has determined that performance toward this objective is progressing.  The narrative below provides a brief summary of progress made and achievements or challenges, as well as plans to improve or maintain performance.

Objective 5.4 Table of Related Performance Measures

Decrease the Percentage of Susceptibility among personnel to phishing (Lead Agency - ASA; Measure ID - 3.5)

Measure FY 2015 FY 2016 FY 2017 FY 2018 FY 2019 FY 2020 FY 2021 FY 2022
Target N/A N/A N/A Baseline 6.8% 6.5% 6.2% 6.0%
Result N/A N/A N/A 7% 4.5% 4.7% 12/31/21 12/31/22
Status N/A N/A N/A Actual Target Met Target Met Pending Pending

Phishing is a fraudulent attempt to obtain sensitive information (e.g.,  user names and passwords) to access a system or network.  Statistics suggest phishing attacks remain one of the main threat vectors targeting the health care industry.  Data from Google, CheckPoint, Gartner, and others indicate that both phishing attacks in general and those on registered COVID-19 related domains skyrocketed.  HHS trains and educates its personnel to reduce the likelihood of staff mistaking phishing email attempts for legitimate communications through a combination or training, education, and tools.  The response rates to phishing training drills remain well below the industry average.  HHS will continue this program in FY 2021 and strive to improve user reporting and resistance rates.

Maintain the number of days since last major incident of personally identifiable information (PII) breach (Lead Agency - ASA; Measure ID - 3.6)50

Measure FY 2015 FY 2016 FY 2017 FY 2018 FY 2019 FY 2020 FY 2021 FY 2022
Target N/A N/A N/A Baseline 365 366 365 365
Result N/A N/A N/A 365 365 366 9/20/21 9/20/21
Status N/A N/A N/A Actual Target Met Target Met Pending Pending

If an employee misuses, loses, or otherwise compromises PII, the action may result in steep financial costs and damage to the Department's reputation.  This measure serves as an enterprise-wide countdown since the last breach, based on the OMB definition of a major incident in the Department.  HHS has not reported a major breach in more than 1096 days.  HHS works closely with OpDiv privacy programs to continue to protect PII that is collected, used, maintained, shared, and disposed of by HHS information systems.  HHS will continue to work with privacy programs across the Department to ensure staff training in protecting and safeguarding PII.


50 HHS has updated the FY 2020 target for this measure to reflect that this is a leap year.


<< Return to Topics in this ReportTop of pageEvidence Building Efforts >>

Content created by Assistant Secretary for Financial Resources (ASFR)
Content last reviewed September 27, 2022
Back to top

Subscribe to Email Updates

Receive the latest updates from the Secretary and Press Releases.

Subscribe
  • Contact HHS
  • Careers
  • HHS FAQs
  • Nondiscrimination Notice
  • Press Room
  • HHS Archive
  • Accessibility Statement
  • Privacy Policy
  • Budget/Performance
  • Inspector General
  • Web Site Disclaimers
  • EEO/No Fear Act
  • FOIA
  • The White House
  • USA.gov
  • Vulnerability Disclosure Policy
HHS Logo

HHS Headquarters

200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll Free Call Center: 1-877-696-6775​

Follow HHS

Follow Secretary Kennedy