The Government Accountability Office has released a new report calling for federal agencies to improve their responses to data breaches.
Because the federal government collects large amounts of personally identifiable information from the public, including taxpayer data, Social Security information and patient health information, it is critical federal agencies not only ensure this information is adequately protected from data breaches but also respond swiftly and appropriately when breaches occur, the report said.
According to the report, despite previous reports pointing out many federal agencies' lagging progress in their data breach response effectiveness, agencies continue to struggle to address the required components of an information security program.
In the report, the GAO called for federal agencies to more closely follow key guidelines in security protocols established by the Office of Management and Budget and the National Institute of Standards and Technology.
Looking at specific agencies, the report noted CMS failed on many occasions to document data breach risk levels that determine if affected individuals need to be notified. When CMS did provide a risk level, it often failed to provide a rationale for the risk determination and the number of people affected, according to the report.
To show the importance of the issue, the report noted the number of data breaches reported by government agencies more than doubled since 2009 to 25,566 incidents in 2013, and the number of data breaches involving personally identifiable information increased by more than 140 percent during that time.
The GAO report examined the security practices within the Army, the Internal Revenue Service, CMS, the Department of Veterans Affairs, the Federal Deposit Insurance Corporation, the Federal Reserve Board, the Federal Retirement Thrift Investment Board and the Securities and Exchange Commission.
More Articles on Data Breaches:
Michigan Long Term Care Security Breach Affects 2,595 Patients
170k Additional Victims Notified of Los Angeles County Contractor Data Breach
Billing Service Data Breach Caused by Alleged Identity Thief