Audit: HHS Info Security Program ‘Not Effective’

Marianne Kolbasuk McGee reports:

The Department of Health and Human Services’ information security program has received a “not effective” rating as a result of several weaknesses found in an annual review of compliance with the Federal Information Security Management Act of 2014.

The HHS Office of Inspector General report is based on an audit conducted last year by Ernst & Young LLP, which reviewed HHS’ compliance with FISMA during fiscal 2018.

Read more on DataBreach Today.

I know, I know…. you’d hope that the agency that is going to enforce security standards over other entities would have their own act together. There’s probably something to be learned from all this.

Two U.K. teenagers appear in court over Transport of London cyber attack
ModMed revealed they were victims of a cyberattack in July. Then some data showed up for sale.
Data breach in 42 Latvian municipalities: DVI imposes 300,000 euro fine on ZZ Dats
Confidence in ransomware recovery is high but actual success rates remain low
Kaufman County's data breach was their second one in three weeks
Protected health information of 462,000 members of Blue Cross Blue Shield of Montana involved in Conduent data breach

Related: