The House of Representatives Energy and Commerce Committee issued a report late last week that the information security of the Department of Health and Human Services (HHS) has substantial weaknesses. Several incidents that occurred between 2012 and 2014 indicated that several agencies were compromised or attacked without the agency’s knowledge.
In one instance, the report criticized the FDA’s ability to mitigate low level threats, leaving it vulnerable to more sophisticated cyber-attacks. This in the wake of the FDA issuing hacking alerts about medical devices and HHS enforcing security lapses of health care providers. The government criticizes and commences enforcement proceedings against businesses and health care providers for lax security measures, but reports such as this show that the government is having a difficult time with security, just like everyone else.