OIG Identifies Data Security Vulnerabilities Within HHS Agencies

May 11, 2015 in News

Last week, HHS’ Office of Inspector General released reports that found several data security vulnerabilities at two divisions of HHS, Healthcare IT News reports.

Office of Information Technology Infrastructure and Operations Report Details

For its report on HHS’ Office of Information Technology Infrastructure and Operations, OIG interviewed security personnel, analyzed ITIO procedures and policies and tested office security controls in fall 2013.

ITIO is tasked with providing network and IT security services to several HHS agencies.

The report identifies several IT deficiencies, including issues with:

  • Antivirus management;
  • Configuration management;
  • IT asset tracking; and
  • USB port control access.

In addition, OIG identified patch management control issues, including “some vulnerabilities that, if exploited, could have led to unauthorized disclosure, modification or unavailability of critical data.” Officials did not specifically identify those vulnerabilities because of security concerns, according to Healthcare IT News (McCann, Healthcare IT News, 5/6).

Health Resources and Services Administration Report Details

For its report on Health Resources and Services Administration, OIG analyzed selected agency IT security controls that were current as of December 2013 and performed fieldwork from January 2014 to July 2014 (Snell, Health IT Security, 5/5).

HRSA had a database of about 22 million individuals to whom the agency helps provide health care services (Healthcare IT News, 5/6).

In the report, OIG identified six data security vulnerabilities that needed improvement, including issues with:

  • Antivirus management;
  • Enforcement of encryption policies;
  • Logical access;
  • IT asset tracking; and
  • USB port control access.

OIG also found patch management control issues that it said included vulnerabilities with the potential for data to be inappropriately accessed or altered.

According to the report, HRSA agreed with 17 of the 18 recommendations provided by OIG, while it partially agreed with one recommendation. In addition, it described steps it had taken and plans it had to address the issues (Health IT Security, 5/5).

Be the first to like.
VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Article source: http://feedproxy.google.com/~r/Ihealthbeat/~3/eDe_NnutTDQ/hhs-oig-identifies-data-security-vulnerabilities-within-hhs-agencies

Be Sociable, Share!
Bookmark and Share

Leave a reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>