According to a new Government Accountability Office (GAO) report, the computer system at the Centers for Medicare and Medicaid Services (CMS)has weaknesses that could result in unauthorized disclosures of medical records. (Source)
Former CMS administrator Mark McClellan, who left his position last weekend, told the Associated Press that the GAO didn’t find evidence of compromised records, and that “we appreciate GAO’s assistance in identifying important opportunities for the contractor to strengthen network security.â€
Here are some vulnerabilities the GAO found:
- Inadequate ability to identify and authenticate users who manage the network;
- Inadequate control of network access and privileges;
- Inadequate ability to protect the network from external attacks; and
- Inadequate audit trails to determine the source of transactions within the network.