Tech

Watchdog pen tests find flaws in HHS offices

A series of penetration tests conducted on the Department of Health and Human Services revealed that several of its component offices need to improve their cybersecurity.

By Billy Mitchell

December 20, 2017

A series of penetration tests conducted on the Department of Health and Human Services revealed that several of its component offices need to improve their cybersecurity, according to a report.

The HHS inspector general hired Defense Point Security in fiscal 2016 to pen test four of its 11 operating divisions — offices like the Centers for Disease Control and Prevention, and the Food and Drug Administration, though it didn’t specify in the public report which ones — “to determine whether security controls were effective in preventing certain cyberattacks, the likely level of sophistication an attacker needs to compromise systems or data, and HHS OPDIVs’ ability to detect attacks and respond appropriately.”

Ultimately, the contractor found that “security controls across the four HHS OPDIVs needed improvement to more effectively detect and prevent certain cyberattacks,” specifically keying in on “configuration management and access control vulnerabilities,” the IG report says.

“We shared with senior-level information technology personnel the common root causes for the vulnerabilities we identified,” it explains. “We provided actionable information regarding HHS’s cybersecurity posture, information on common vulnerabilities across OPDIVs, recommendations and strategies to mitigate exploited weaknesses, key indicators to better identify signs of attack or compromise, and lessons learned during testing.”

The IG issued six “observations” to the operating divisions, which they generally concurred with, the report says. The offices since “conveyed that the vulnerabilities identified were corrected or were in the process of being corrected.”

Watchdog pen tests find flaws in HHS offices

More Like This

ICE pursuing privacy approvals related to controversial phone location data

House Modernization panel advances bill to improve CRS’s data access in first-ever markup

HHS IT draft strategy aims to connect health data with systems

Top Stories

DOJ seeks public input on AI use in criminal justice system

GSA taps TTS deputy director to take top Login.gov role next month

CISA’s chief data officer: Bias in AI models won’t be the same for every agency

Scientists must be empowered — not replaced — by AI, report to White House argues

404 page: the error sites of federal agencies

White House hopeful ‘more maturity’ of data collection will improve AI inventories

Generative AI could raise questions for federal records laws

Oracle approved to handle government secret-level data

More Scoops

How risky is ChatGPT? Depends which federal agency you ask

CDC eyeing ‘model cards’ to detail generative AI tool information

ARPA-H launches mobile health program aimed at rural communities

HHS maintains deadline for AI transparency requirements in new tech certification rule

HHS exploring program management office support for departmentwide zero trust implementation

Stumbling blocks abound in federal push to stronger identity and access management, CISA and NSA panel finds

National lab’s mismanagement of property put sensitive information and tech at risk, watchdog states

Latest Podcasts

Watchdog pen tests find flaws in HHS offices

Scientists Must Be Empowered, Not Replaced by AI

Leveraging modern access management to achieve zero trust

The role of the federal chief AI officer

Tech

Defense

Cyber

Acquisition