OIG finds vulnerabilities in HHS cybersecurity controls, detection—report
March 14, 2019 / Heather Landi
There are security gaps across U.S. Department of Health and Human Services networks that put systems and data at risk of a cyber attack, according to a report (PDF) from the Office of the Inspector General. OIG conducted a review of security controls across eight HHS operating divisions using network and application penetration testing to evaluate how well HHS systems were protected when subject to cyber attacks. During testing in 2016 and 2017, an outside cybersecurity firm working with OIG identified vulnerabilities in configuration management, access control, data input controls, and software patching, according to OIG’s summary report.