A report released Tuesday by the nonpartisan Government Accountability Office found HealthCare.gov is still not fully secure.
"While CMS has taken steps to protect the security and privacy of data processed and maintained by the complex set of systems and interconnections that support HealthCare.gov, weaknesses remain both in the processes used for managing information security and privacy as well as the technical implementation of IT security tools," reads an abstract of the report.
Such shortcomings highlighted in the abstract include requiring strong password controls, adequately restricting access to the Internet, implementing software patches and configuring an administrative network.
The report suggests such weaknesses still remain in part because CMS "did not and has not yet ensured a shared understanding of how security was implemented for the Federally Facilitated Marketplace among all entities involved in its development."
In early September, HHS reported that hackers had successfully accessed a HealthCare.gov server in July and uploaded malicious software. The breached server was only used for testing, so none of the more than 5 million Americans with personal information on the servers was affected.
More articles on cybersecurity:
5 basic steps to health IT cloud security
FBI: Hackers are targeting healthcare organizations
How Boston Children's Hospital defended against a cyberattack