Wednesday, September 17, 2014

ACA/Obamacare: GAO Reports that CMS Hasn’t Paid Proper Attention to Security Risks

‘ has continuing security frailties that put users' sensitive personal information at risk, a government watchdog is set to tell Congress this week.

Despite the federal government's efforts to protect the website from breaches, "weaknesses remained in the security and privacy protections applied to and its supporting systems," said the Government Accountability Office.

The agency released a report Tuesday on the security of the site, through which millions of Americans bought coverage under the health law last year and which millions more will be urged to use.

"Until these weaknesses are fully addressed, increased and unnecessary risks remain of unauthorized access, disclosure, or modification of the information collected and maintained by and related systems, and the disruption of service provided by the systems," according to the GAO report, published ahead of testimony to be given at a Thursday hearing of the Republican-led House Oversight and Government Reform Committee.

The warnings come two weeks after the Department of Health and Human Services disclosed that a hacker had broken into part of the site and uploaded malicious software during the summer.’

‘GAO said the CMS failed to ensure system-security plans were complete and was relying on a draft data-use agreement with a contractor tasked with verifying users' identities.

Moreover, the agency skipped some assessments of privacy risks and didn't perform comprehensive security testing of the system that used all of the security controls specified by the government ahead of the site's launch. Testing remained incomplete as of June 2014, GAO said.

The agency also hadn't set up an alternate processing site for systems that would allow them to be recovered in the event of a disruption, the watchdog found.

Other weaknesses included lax enforcement of password-strength requirements and inconsistent application of security patches to the system.

Certain systems supporting the site's infrastructure weren't restricted from accessing the Internet, which increased the risk that unauthorized users could get to data.

Moreover, one of the federal agency's contractors hadn't properly secured its administrative network, which could allow unauthorized access to the system.

Many of the problems stemmed from the agency's disagreements about security roles and responsibilities with the various contractors, states and federal agencies that exchange information as part of the system, the watchdog said.’ - Federal Health Care Website Faces Security Risks, Watchdog Finds, WSJ, 09/16/2014


Link to the entire article appears below:

Update 09/18/2014: Government Insider Warned of Security Risks: ‘I Am Tired of the Cover Ups’,
