Watchdog pen tests find flaws in HHS offices

A series of penetration tests conducted on the Department of Health and Human Services revealed that several of its component offices need to improve their cybersecurity, according to a report.

The HHS inspector general hired Defense Point Security in fiscal 2016 to pen test four of its 11 operating divisions — offices like the Centers for Disease Control and Prevention, and the Food and Drug Administration, though it didn’t specify in the public report which ones — “to determine whether security controls were effective in preventing certain cyberattacks, the likely level of sophistication an attacker needs to compromise systems or data, and HHS OPDIVs’ ability to detect attacks and respond appropriately.”

Ultimately, the contractor found that “security controls across the four HHS OPDIVs needed improvement to more effectively detect and prevent certain cyberattacks,” specifically keying in on “configuration management and access control vulnerabilities,” the IG report says.

“We shared with senior-level information technology personnel the common root causes for the vulnerabilities we identified,” it explains. “We provided actionable information regarding HHS’s cybersecurity posture, information on common vulnerabilities across OPDIVs, recommendations and strategies to mitigate exploited weaknesses, key indicators to better identify signs of attack or compromise, and lessons learned during testing.”

The IG issued six “observations” to the operating divisions, which generally concurred with them, the report says. The offices have since “conveyed that the vulnerabilities identified were corrected or were in the process of being corrected.”

Written by Billy Mitchell

Billy Mitchell is Senior Vice President and Executive Editor of Scoop News Group's editorial brands. He oversees operations, strategy and growth of SNG's award-winning tech publications, FedScoop, StateScoop, CyberScoop, EdScoop and DefenseScoop. After earning his degree at Virginia Tech and winning the school's Excellence in Print Journalism award, Billy received his master's degree from New York University in magazine writing.
