HHS finds vulnerabilities in cybersecurity testing

Since issuing cybersecurity vulnerability tests within HHS networks, the Office of Inspector General is instating ongoing cybersecurity audits, according to Fedscoop.

During fiscal year 2016-17, the OIG hired Defense Point Security, an Accenture Federal unit, to conduct cybersecurity tests. While the methods are unknown, the company conducted penetration testing in eight of HHS's 11 operating divisions.

Cybersecurity issues were found across the board.

"During testing, we identified vulnerabilities in configuration management, access control, data input controls and software patching," the report states, according to Fedscoop.

Since the testing, HHS is implementing recommendations and suggestions from the report to remove the cybersecurity vulnerabilities. Each department has received specific instructions on the issues it needs to fix.

"We have initiated a new series of audits looking for indicators of compromise on HHS and OPDIV systems to determine whether an active threat exists on HHS networks or whether there has been a past breach by threat actors," the summary says.

The most recent testing doubled the number of departments tested from previous cybersecurity tests.

More articles on cybersecurity:
National Science Foundation awards $1M to Massachusetts university for translational research
Update: 5 more hospitals affected by vendor data breach
Ransomware attack affects 15,000 patients at Michigan health system

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Webinars

Featured Whitepapers