Tech

IG report: ‘Significant’ vulnerabilities spotted at CMS

Servers used by the U.S. Centers for Medicare and Medicaid Studies, or CMS, carry four known vulnerabilities, each susceptible to cyberattacks, according to an Office of the Inspector General, or OIG, report published Wednesday.

By Chris Bing

August 19, 2016

The Department of Health and Human Services HQ / Photo by Sarah Stierch, access CC 4.0

Servers used by the Centers for Medicare and Medicaid Studies carry four known vulnerabilities that are susceptible to cyberattacks, according to an inspector general report published Wednesday.

“The vulnerabilities that we identified were collectively and, in some cases, individually significant,” the report reads.

A series of wireless network penetration tests conducted by the IG’s office between Aug. 31 to Dec. 4, 2015, identified the software bugs. The report did not provide extensive details concerning the vulnerabilities due to the sensitive nature of the findings.

[Read More: HHS cements Killoran as official CIO]

The report notes that the office has yet to find evidence the vulnerabilities were exploited by hackers. But if hackers were able to breach CMS’ systems, PII could have been stolen and network would have been disrupted, the report indicates.

“Exploitation could have resulted in unauthorized access to and disclosure of personally identifiable information, as well as disruption of critical operations … exploitation could [also] have compromised the confidentiality, integrity and availability of CMS’s data and systems,” wrote Amy Frontz, assistant inspector general for audit services.

CMS has said that the penetration tests were successful due to “improper configurations and [a] failure to complete necessary upgrades.”

Andrew Slavitt, CMS’ acting administrator, wrote in the report that his organization “concurred with all of the OIG findings and has already addressed several of the findings and is … addressing the remaining findings.”

IG report: ‘Significant’ vulnerabilities spotted at CMS

More Like This

Federal CIO calls on Congress to fund Technology Modernization Fund

DOJ ‘not aware of any’ identity theft, fraud following consultant’s data breach

How Google Cloud AI and Assured Workloads can enhance public sector security, compliance and service delivery at scale

Top Stories

State Department encouraging workers to use ChatGPT

Congressional panel outlines five guardrails for AI use in House

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

CMS’s financial office is using LLM pilot to combat loss of institutional knowledge

Top public sector takeaways from Google Cloud Next 2024

Commerce requests information about AI, open data assets, data dissemination

Commerce adds five members to AI Safety Institute leadership

More Scoops

How risky is ChatGPT? Depends which federal agency you ask

ARPA-H announces up to $50 million for six health data security projects

ARPA-H looks to strengthen US hospital infrastructure in face of continued cyberattacks

Maximus data breach may have exposed information of 612,000 Medicare recipients, CMS says

GOP lawmakers want additional details on CMS subcontractor breach timeline

HHS, health information networks expect rollout of trusted data exchange next year: Micky Tripathi

Watchdog calls on Census Bureau to improve cyber incident detection and alerting

Latest Podcasts

IG report: ‘Significant’ vulnerabilities spotted at CMS

AI Week 2024 has Come and Gone

Darryl Peek on Elastic’s role in enhancing public sector search and data analytics with AI and Google collaboration

Danny Werfel on How Automation has Enhanced his Agency’s Operations.

Tech

Defense

Cyber

Acquisition