A test of CMS' data centers found four vulnerabilities in security controls in its wireless networks, some of which were deemed "significant."
The Office of Inspector General conducted a wireless penetration test of CMS' data centers to determine whether CMS' security controls were effective.
Overall, the OIG found CMS has security controls effective in preventing certain types of wireless cyberattacks, but there were four weaknesses in those controls. CMS indicates those vulnerabilities were due to improper configurations and failure to complete necessary upgrades.
The OIG found no evidence those vulnerabilities had been exploited, but exploitation could have resulted in unauthorized access to and disclosure of personally identifiable information, as well as exploiting the integrity and availability of the data systems, according to the report.
The report does not outline the vulnerabilities in its public report due to the sensitive nature of the information, but the OIG provided more detailed information and recommendations to CMS to address the vulnerabilities.
"CMS appreciates the OIG's suggestion of controls and processes that could be improved to further reduce or mitigate risk," according to CMS' comments to the OIG. "CMS concurred with all of the OIG findings and has already addressed several of the findings and is in the process of addressing the remaining findings."
More articles on health IT:
Wikileaks accused of publishing sensitive medical records
CommonWell members to allow patients direct access to health data
Health IT tip of the day: Align access policy with process across your organization