Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Newsroom

Employee Profile: Kofi Ansah-Brew

Media Contact

media@oig.hhs.gov
202-619-0088

Safeguarding America’s Health Systems in Cyberspace

In recent years, heightened cyberattacks against American health systems have impacted hundreds of millions of patients, providers, and payers. In 2023, alone, cyberattacks on health infrastructure nearly doubled from 2022. The Office of Inspector General for Health and Human Services (HHS-OIG) is committed to raising awareness on threats in cyberspace. On the forefront of the fight against the exploitation of sensitive health data by bad actors is Kofi Ansah-Brew, a Cyber Security Auditor in HHS-OIG’s Office of Audit Services’ Cybersecurity and Information Technology (IT) Audit Division (CITAD).

Kofi Ansah-Brew
Kofi Ansah-Brew

In his role, Kofi conducts IT and Cybersecurity audits of HHS programs, operations, grantees, and contractors to identify vulnerabilities in system operations and develop recommendations for enterprise divisions to prevent potential wrongdoing of cyber criminals. This work is critical for the security and continuity of care across the nation’s health systems.

Kofi currently serves as the Vulnerability Management Lead and Information Systems Security Engineer for CITAD.  The CITAD environment plays a crucial role in supporting OIG’s cyber assessment training, cyber threat hunting, intelligence research, and serves as a platform for penetration testing and cyber threat hunting for HHS and various operating divisions’ systems.  Kofi enjoys the combination of technical tasks involved in addressing vulnerabilities and the risk management aspects of governance and compliance, finding a rewarding balance between the two.

Recently, in conducting a cloud audit series, the CITAD team published a report examining the cloud information systems of the Administration for Children and Families (ACF), an HHS division that operates 60 programs promoting the well-being of children and families. The audit revealed gaps in cloud and web application technical testing techniques, resulting in a higher risk of system compromise. The team’s finding resulted in HHS-OIG recommendations for improvements in ACF security controls, including remediating vulnerabilities and using cloud security assessment tools to identify weak controls. ACF concurred with the recommendations and took action to address them.

Since a young age, Kofi has been interested in technology. From watching CyberChase on PBS to running to the computer lab while in third grade. In high school, he was a part of the CISCO Networking Academy, where he achieved his first IT certification. Soon after, he was first introduced to cybersecurity. During the summer of his junior year of high school, his parents signed him up for the Cyber Defense Training Camp at the University of Maryland. For the handful of high schoolers selected across the country, this camp was an intensive program with hands-on experience in Computer Networking and Ethical Hacking. It also featured lectures and classes from renowned cybersecurity professionals from the National Security Agency. “Before attending that summer camp, I assumed ‘cybersecurity’ was simply someone in a dark basement hacking all day. The camp broadened my perspective. I immediately saw myself wanting to enter that career one day.”

With quite the full circle moment, Kofi later attended the University of Maryland, College Park, where he received his undergraduate degree in Information Science. He also received a minor in Cybersecurity through the Advanced Cybersecurity Experience for Students (ACES) Honors Program. During his time in university, he gained a host of field experience in student work opportunities and internships by way of his involvement as a CyberCorps Scholarship for Service Scholar, which enabled him to solve real-world cybersecurity matters affecting critical aspects of government programs.

Among his accomplishments are internships serving in the National Oceanic and Atmospheric Administration’s (NOAA) Office for Coastal Management Division of Information Technology and System Administration Support and Computer Incident Response Team, as well as the Cybersecurity and Infrastructure Security Agency’s (CISA) Cyber Security Division - Operational Collaboration. A notable success from this time is his contribution to the improvement of the user experience and collaborative capabilities of the Homeland Security Information Network (HSIN) Communities of Interests (COIs), a national secure and trusted Web-based portal for information sharing and collaboration among federal, state, local, tribal, territorial, private sector, and international partners engaged in the homeland security mission.

Prior to joining HHS-OIG in 2022, Kofi served as a Lead for Government Engagement of the National Initiative for Cybersecurity Education (NICE), National Institute of Standards and Technology (NIST). There, he collaborated with local, state, and federal government partners to further best practices in cybersecurity education, training, and workforce development. Furthermore, he represented NICE/NIST on the Chief Information Officer (CIO) Council, CIOC IT Workforce Committee and NICE Interagency Coordinating Council.

Given the overlap of work between NIST and HHS-OIG’s Services’ Cybersecurity and Information Technology (IT) Audit Division, Kofi found the work of auditing to be a great next step for him. “Transitioning from working for the organization that develops the policy to an organization that actively enforces the policy through accountability was incredible. A rare opportunity for someone like me, who is only at the beginning of his career,” Kofi mentioned when discussing his interest in transitioning to the agency. He noted his goal is to become a Chief Information Security Officer for an organization one day, and that the skills he will develop in analyzing potential factors and vulnerabilities that may cause cyberattacks in programs across an enterprise will provide him with the knowledge needed to perform effectively in the role in the future.

When it comes to lessons learned, mentioned the following: “Although I am at the start of my career, I have worked with many teams. I have found that collaboration is truly one of the most important factors in cybersecurity. We all bring something different to the table; defenders, penetration testers, policy makers, auditors etc. All the pieces are needed to create a successful cybersecurity posture.”

Kofi also discussed his passion for helping others understand cybersecurity and noted that it is important for everyone to learn about how they can safely operate in the technology sphere. “I believe that humanizing information technology is important because it allows us to connect the work we do to the public,” he stated. Diving deeper to say, “As technology continues to progress, it becomes easier for threats to evolve. For example, as recent artificial intelligence software programs have surfaced, everyday people can create code without any experience and use it to cause harm. Educating people on how to safely use technology is incredibly important to ensure our nation is protected.”