Marianne Kolbasuk McGee reports:
The Department of Health and Human Services’ information security program has received a “not effective” rating as a result of several weaknesses found in an annual review of compliance with the Federal Information Security Management Act of 2014.
The HHS Office of Inspector General report is based on an audit conducted last year by Ernst & Young LLP, which reviewed HHS’ compliance with FISMA during fiscal 2018.
Read more on DataBreach Today.
I know, I know…. you’d hope that the agency that is going to enforce security standards over other entities would have their own act together. There’s probably something to be learned from all this.