HealthCare.gov audit reveals 'critical' cybersecurity risks

A federal audit has found the health records of millions of HealthCare.gov users have been stored in a computer system with basic security flaws, according to an Associated Press report.

MIDAS, the $110 million electronic database used to store the information of registered HealthCare.gov users, does not include medical information, but does contain Social Security numbers, names, birth dates and phone numbers.

The flaws, uncovered by HHS auditors, included 135 database vulnerabilities, some of which were labeled potentially severe or catastrophic. Security lapses ranged from unencrypted user sessions and failure to conduct automated vulnerability scans to software bugs.

The Medicare agency is now conducting weekly MIDAS vulnerability assessments and has addressed all of the auditor's findings within a week of their identification, according to a statement from Medicare administrator Andy Slavitt.

More articles on health IT:
Mayo Clinic CISO Jim Nelms resigns
Cybersecurity: No silver bullet for healthcare's insider/outsider threats
GAO report: CMS won't know ICD-10 readiness until code processing begins

© Copyright ASC COMMUNICATIONS 2017. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months