U.S. Department of Health and Human Services

Industry: Healthcare

Location: United States

Products Used: TRITON® Web Security

Size: 150,000 users

Security Issue: Sharing sensitive information

Raytheon|Websense helps us defend against millions of online attacks each month and has significantly reduced malware infections.

Security Official, U.S. Department of Health and Human Services



The U.S. Department of Health and Human Services (HHS) is the government’s principal agency for protecting the health and providing essential human services for all Americans. It represents almost one quarter of all federal outlays and administers more grant dollars than all other federal agencies combined. The HHS Centers for Medicare and Medicaid programs provide healthcare insurance for one in four Americans. In fact, Medicare is the nation’s largest health insurer and it handles more than 1 billion claims each year.

HHS includes the Office of the Secretary and 11 operating divisions, including Centers for Disease Control and Prevention, Food and Drug Administration, and the National Institutes of Health. Eight are agencies in the U.S. Public Health Service; three are human services agencies. All told, they represent more than 300 programs and a wide spectrum of activities. This includes providing access to high-quality healthcare to millions of children, families, and seniors while exploring new frontiers of biomedical research.


HHS needed security that scales effectively and efficiently to protect more than 150,000 users in multiple departments and locations. These users access billions of sensitive data files and interact with the American public through a variety of websites and other online communication methods. In order to maintain a high level of productivity, HHS needed its systems and data to be consistently clean of malware. Its users needed to be able to take advantage of the available, powerful, modern age, productivity opportunities such as Cloud computing, virtual mobility, and access to social media. However, more than two million online attacks per month are detected trying to infiltrate the systems of large government departments such as HHS. With that in mind, the challenge for HHS, like many government departments, is finding the balance between data security and user access.

Additionally, doctors and researchers from various agencies within HHS handle very sensitive health information on a daily basis.

HHS researchers are constantly networking with other researchers, worldwide, to collaborate on important national and international health issues. Without the right security, this collaboration can be extremely risky. HHS doctors also face concerns that if their systems are breached by data-stealing malware from hackers or hacktivists, it could pose a highly dangerous threat to patient privacy.

It is critical that HHS meet the requirements of the Federal Information Security Management Act (FISMA) and implement the computer systems continuous monitoring security strategy. Not only does it need to meet federal requirements, the IT security staff also needs to respond more rapidly to security issues identified by automated tools.

Finally, HHS recognized that past security solutions were not able to effectively examine web content in real-time. Cyber security companies in the past years have spent too much time remediating the harm caused by malicious software and insufficient time preventing data loss and theft. HHS wanted an advanced security solution that would meet their needs for outbound DLP and DTP.


After extensive testing, HHS invested in Raytheon|Websense TRITON® Web Security which uses real-time, inline security analysis and threat intelligence to defend against advanced malware, blended threats and spam.

Raytheon|Websense is also able to provide HHS with advance level visibility into the movement of their data. Additionally, HHS uses TRITON for a multitude of social media controls – managing the use of Facebook, LinkedIn and other social media websites. HHS networks are up and running on 69 high-power Raytheon|Websense security appliances, all of which are backed by Raytheon|Websense Support.


Since implementing the anti-malware portions of Raytheon|Websense TRITON Web Security, HHS employees can now more safely use the web to serve the U.S. population. Portions of HHS have experienced a 60% reduction in the number of computers that need re-imaging due to malware infections. HHS network stability and usability increased due to reduced malware attacks. HHS expanded its IT services (based in part on savings gained from awarding an enterprise license). HHS trusts the safety and security that Raytheon|Websense offers – enough to now allow employees to use the social web to network with other researchers, share information, and communicate directly with the general public.

The U.S. Department of Health and Human Services has relied on Raytheon|Websense security solutions since 2010.

Download the PDF