Pen Testing of HHS Units Reveals Weaknesses

March 14, 2019 Mayuri Kumar

Operating divisions of the Department of Health and Human Services need to shore up security controls to more effectively detect and prevent certain cyberattacks, according to a new federal watchdog report.

In a summary report issued Wednesday, the HHS Office of Inspector General highlighted several security controls that need improvement across eight HHS operating divisions. The weaknesses included configuration management, access control, data input controls and software patching, the report notes. Similar concerns have been raised in previous OIG reports.

The OIG report is based on findings from a series of audits in fiscal years 2016 and 2017 at eight unnamed HHS operating divisions. Network and web application penetration testing was conducted by a third-party contractor to determine how well HHS systems were protected when subject to cyberattacks, the study notes.

Mac McMillan's comments are featured in this article.

Previous Article
The Future of Healthcare Security
The Future of Healthcare Security

The start of a new year causes us to reflect on the past year and determine both the current state of the i...

Next Article
States Ascendant in Standards for Data Privacy and Cybersecurity: How to Prepare
States Ascendant in Standards for Data Privacy and Cybersecurity: How to Prepare