Government Accountability Office

The United States Government Accountability Office (GAO) recently completed and published a study on electricity grid cybersecurity that concluded that the Department of Energy (DOE) needs to ensure its plans fully address risks to electricity distribution systems.

The GAO completed two prior studies of the generation and transmission functions of the electricity grid and found

On October 5, 2018, President Trump signed the Federal Aviation Administration (FAA) Reauthorization Act, which establishes new conditions for the recreational use of drones and immediately repeals the Special Rule for Model Aircraft. The FAA is currently evaluating the impact of this change and how it will implement the new conditions.

In addition to continuing

We watch closely for any guidance to HIPAA covered entities and business associates from the Department of Health and Human Services Office for Civil Rights (HHS/OCR). Why? Because there is so little of it. Lately, the only guidance we have been receiving is in the form of Resolution Agreements and Corrective Action Plans, and hefty fines accompanying them.

The Government Accountability Office (GAO) recently finished a study of HHS/OCR’s cybersecurity infrastructure to see if it was consistent with NIST standards.

The Report notes that health care entities are struggling to select appropriate privacy and security controls for their organizations, and HHS is not offering enough help to those organizations. Although OCR published two tools to assist covered entities and business associates with risk assessments, according to the GAO, those tools do not provide enough detailed information for covered entities and business associates to determine the cybersecurity activities that must be performed. The Report noted that the NIST framework has 98 subcategories for security controls, while the OCR Toolkit only addresses 19 of the 98 subcategories. According to the GAO, these gaps in the OCR’s guidance could lead to incomplete risk assessments.


A recent Government Accountability Office report outlined vehicle cybersecurity concerns, noting that hackers can penetrate the technology of vehicles in both long-range and short-range attacks, including by targeting Bluetooth controls. These car hacks allow the hackers to access steering, brakes, telematics and critical controls of cars.

Just to put the threat in context, it

A Government Accountability Office (GAO) examination of the state-run health insurance exchanges for California, Kentucky and Vermont identified inadequate security measures in place to protect consumers’ personal information. While state officials from Kentucky and California denied that any security breaches had occurred or that any personal data had been compromised as a result of the