House panel finds cybersecurity dangers at HHS

A U.S. House committee examination of HHS and FDA information system security revealed that five divisions within the organizations have been breached in the last three years using "unsophisticated means."

The report addresses several points of concern about how the HHS and FDA have handled those recent data breaches, including the following.

• Information security officials were not always permitted full visibility into their own networks as a result of their relationship with agency contractors.
• Two data breaches in two different operating divisions resulted from misconfigurations.
• Officials in one operating division misidentified a list of hacker aliases as a list of security vulnerabilities.
• Officials at two operating divisions were unable to provide accurate information about security incidents within their own networks.

"Of concern to the committee, officials at the affected agencies often struggled to provide accurate and sufficient information on the security incidents during the committee's investigation," the authors wrote.

The authors concluded their investigation demonstrates placing operations and security oversight within the same office can mean sacrificing security for operations.

More articles on health IT:
Security threats keeping you up at night? 4 considerations for hospital leaders
HHS: Guidance on HIPAA basics
Cost of data breaches in 2015 surpasses overall federal IT investment

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months