Pen Testing of HHS Units Reveals Weaknesses

March 14, 2019 Mayuri Kumar

Operating divisions of the Department of Health and Human Services need to shore up security controls to more effectively detect and prevent certain cyberattacks, according to a new federal watchdog report.

In a summary report issued Wednesday, the HHS Office of Inspector General highlighted several security controls that need improvement across eight HHS operating divisions. The weaknesses included configuration management, access control, data input controls and software patching, the report notes. Similar concerns have been raised in previous OIG reports.

The OIG report is based on findings from a series of audits in fiscal years 2016 and 2017 at eight unnamed HHS operating divisions. Network and web application penetration testing was conducted by a third-party contractor to determine how well HHS systems were protected when subject to cyberattacks, the study notes.

Mac McMillan's comments are featured in this article.

Previous Article
Unsecure Fax Server Leaked Patient Data

Next Article
Keeping Up with the Changes in Health Tech
Keeping Up with the Changes in Health Tech