Cybersecurity Modernization Initiative

September 15, 2021

NIOSH recognizes the hardship that a delay in radiation dose reconstructions and claims processing has placed on claimants and their families. We are working diligently to improve the processes needed to achieve steady-state production and timely claims processing. Earlier this year, a routine scan of the code for the system used for dose reconstruction revealed security concerns. The system could no longer be updated to meet current cybersecurity requirements. Due to the sensitive claimant information needed to conduct radiation dose reconstructions and the potential risk for a data breach, NIOSH management made the difficult decision to pause the program.

We continue to develop new, more secure automation and data management capabilities to protect the sensitive data within the system and the privacy of claimants. While it was estimated to take two to four months, unforeseen challenges arose in aligning the DOL and CDC IT environments. NIOSH resolved these challenges and is now exchanging files with DOL within a secure workspace. We are making every effort to address the backlog of claims as quickly as possible by reassigning staff and adding additional resources. Dose reconstructions for claimants with terminal diagnoses continue even during the pause and remain our highest priority.

DCAS developed the FAQs: Cybersecurity Modernization Initiative page on our website to help answer questions about this review. If you have more questions that are not covered on the FAQs page, please visit the Contact Us page for information about how to reach us during this effort.

September 3, 2021

We are working diligently to complete the first phase of the data security modernization initiative and restore the functions put on pause in May 2021. As of September 3, 2021, we are testing new technology that allows for secure data transfer between DCAS, DOL, and the Department of Energy (DOE).

This data transfer includes:

  • new or rework case referrals from DOL,

  • completed dose reconstructions to DOL, and

  • individual and site-specific dosimetry information from DOE.

Once these core functions have been restored, work will temporarily proceed at a slower pace. Claims processing will increase as new automation and data management capabilities are implemented through late January 2022. We expect that DCAS will have full functionality by the end of June 2022.

DCAS updated the FAQs: Cybersecurity Modernization Initiative page on our website to help answer questions about this review. If you have more questions that are not covered on the FAQs page, please visit the Contact Us page for information about how to reach us during this effort.

May 3, 2021

The Department of Labor (DOL) manages the Energy Employees Occupational Illness Compensation Program Act of 2000 (The Act/EEOICPA). Current and former workers in the Nation’s nuclear weapons program, or their survivors, can file claims for compensation if they believe they have an illness due to workplace exposures to hazardous substances or radiation.

Under the Act, the National Institute for Occupational Safety and Health (NIOSH), through our Division of Compensation Analysis and Support (DCAS), provides scientific support for claims through our Radiation Dose Reconstruction Program. DCAS completes radiation dose reconstructions for workers with cancer due to radiation exposure and evaluates Special Exposure Cohort (SEC) petitions.

As part of NIOSH/DCAS’ work completing dose reconstructions and evaluating SEC petitions for workers covered under the Act, the program receives sensitive information.

This sensitive information includes:

To make sure that all personal data associated with the program receives the highest standards of cybersecurity protection, we are taking steps to continue to modernize and secure our data, applications, and systems.

Recent cybersecurity breaches have highlighted the threat of external attacks on federal government data systems. For this reason, we review and update our data, applications, and systems that serve our claimants. This ensures the continued protection of sensitive personal data. We must pause some functions of our program during this review. DCAS is committed to completing this work as quickly as possible.

Effective May 3, 2021, there will be a pause in some data transfers between DCAS, DOL, and the Department of Energy (DOE) as we proceed with the important cybersecurity modernization.

This includes a hold on:

  • receiving new or rework case referrals from DOL,
  • returning completed dose reconstructions to DOL, and
  • receiving individual and site-specific dosimetry information from DOE.

This pause is estimated to last two to four months. DCAS will provide regular updates during this period on our website. We anticipate most of the program’s core functions will resume after the review is completed.

During this vital cybersecurity modernization initiative, we will continue to prioritize SEC petitions. Also, our contractor, Oak Ridge Associated Universities, will continue to process the dose reconstructions already in the system.

We appreciate your patience as we complete this important review. Protecting our sensitive data is a top priority. Our efforts will enhance our data security for many years to come.

DCAS developed the FAQs: Cybersecurity Modernization Initiative page on our website to help answer questions about this review. If you have more questions that are not covered on the FAQs page, please visit the Contact Us page for information about how to reach us during this effort.

Page last reviewed: June 15, 2021