Changes to DHA Will Impact Cybersecurity Needs

By Lloyd McCoy, Market Intelligence Manager

The mandates in the National Defense Authorization Acts of 2017 and 2019 called for greater centralization of the military health system. We are now seeing these initiatives being set in motion. One prime example is the migration of the Army, Navy and Air Force’s more than 400 military hospitals and clinics under the umbrella of the Defense Health Agency. I recently attended an AFCEA luncheon where Dr. Barclay Butler, the Component Acquisition Executive for DHA, and Pat Flanders, DHA CIO, spoke extensively on the ongoing consolidation, as well as other initiatives which promise to impact how those selling IT should approach defense health IT leaders.

Measurability and efficiency are driving the trend toward centralization and standardization across the Defense Health establishment. This is particularly applicable for security vendors since DHA wants to instill commonality in cybersecurity services and tools — from the largest military hospitals to the widely dispersed clinics. The two leaders urged industry that when engaging with Army, Navy and Air Force hospitals and clinics, think of the big picture. How can your solution work and be applicable across the entire military health enterprise?

Measurability

Butler and Flanders spoke at length about the need to measure outcomes. For security solutions, that means being able to better monitor threats and speed of remediation. Nothing new on the surface, but this requirement becomes more complicated as more and more military facilities get subsumed under DHA, with all the network architecture and migration challenges that come with the transition. Having a steady dialogue with DHA or one of the service medical commands is critical to ensure that safety and security aren’t negatively impacted by these changes – while ensuring that the hospitals and clinics have robust capabilities for measuring and auditing their security posture.

Efficiency

The other driver for the move toward centralization is efficiency. DHA is expected to undergo manpower reductions over the next decade. Therefore, a big focus for them is finding ways to improve visibility and threat response with fewer people. They didn’t explicitly cite automation and AI as a way forward, but it stands to reason that bringing such capabilities to the fore will resonate. Blockchain was also mentioned as something they are looking into because of its built-in security and how useful it will be for private-public sector relationships and information sharing.

Insertion Points

Areas where you can expect to see the bulk of cybersecurity dollars is the Office of the CIO, led by Flanders, since much of DHA’s cyber requirements fall under his purview. Also, you’ll find cybersecurity requirements within the two major DHA programs, MHS Genesis and soon, JOMIS (the overseas version of MHS Genesis). You’ll want to talk to those program offices. The aforementioned transition of the military hospitals and clinics will see related security dollars flowing through DHA but for now, those that haven’t transitioned will be responsible for portions of their own security (by Oct 2021, 100% of facilities will have migrated under DHA). SPAWAR Atlantic provides cybersecurity and data management services to DHA as well.

With the advent of connected things (to include medical devices), the global cyber threat environment and growing popularity of remote/telehealth services, etc., we’ve seen a growing need for the defense health establishment to have the most advanced cyber tools at its disposal. You’ll find open ears if your messaging aligns to DHA priorities centered on centralization, standardization, efficiency and measurability.

Subscribe to immixGroup’s Government Sales Insider blog to receive regular insights into DOD trends and drivers.

View the DOD Market Intelligence briefing from the recent Government IT Sales Summit for details on the latest top-funded FY 2019 opportunities.