Eight federal agencies, including HHS, have failed to meet basic cybersecurity benchmarks for the past 10 years, according to a report from the U.S. Senate's Permanent Subcommittee on Investigations and cited by cleveland.com.
The committee analyzed 10 years of cybersecurity reports from the federal departments of Agriculture, State, Homeland Security, Transportation, Education, HHS, Housing and Urban Development as well as the Social Security Administration.
All eight agencies are using legacy systems that are no longer supported by vendors with security updates, resulting in information collected about citizens to be vulnerable to cyberattacks.
Seven of the agencies failed to have adequate protection of personally identifiable information. Six agencies didn't install security patches in timely manners. Five agencies failed to maintain accurate and comprehensive information technology asset inventories, the investigation found.
In 2017, the federal agencies reported 35,277 cybersecurity incidents.
"While some federal agencies appear to have made progress in recent years, this report makes it clear that there is still much work to be done," said Sen. Tom Carper, D-Del.
More articles about cybersecurity:
UMass Memorial Health Care alerts 4,600 patients of phishing attack
Cybersecurity issue and trends on the horizon: 3 Qs with Edward Elmhurst Healthcare CISO Don Fosen
Don’t overlook cybersecurity training — Why Lake Chelan Community Hospital CIO created his own cyber program