HHS Fails To Fix Cybersecurity Vulnerabilities, Putting PHI At Risk
Health IT Security July 27, 2018
HHS has failed to remedy cybersecurity vulnerabilities in its systems that could put PHI at risk, warned the GAO in a report released July 25.
The GAO cited problems at CMS that threaten to compromise Medicare beneficiary data and the privacy of users’ data on state-based marketplaces.
In addition, HHS had not fully addressed key security elements in its guidance for protecting the security and privacy of electronic health information, GAO noted.
These failures to act are not just an issue with HHS. Across federal agencies, GAO has since 2010 made more than 3,000 recommendations to agencies to address cybersecurity shortcomings. As of July 2018, about 1,000 still needed to be implemented.
“Until these shortcomings are addressed, federal agencies’ information...