HCFA ‘s Computer Systems ‘Vulnerable’ to Hackers
"[S]ignificant security weaknesses" within HCFA's computer system are potentially putting medical records and "billions of dollars" at risk, the AP/Raleigh News & Observer reports. Computer security experts are expected to testify today before a House oversight subcommittee about the computer system and what measures are necessary to ensure the system is "secure from hackers." Such experts will tell committee members that HCFA "lacks enough computer security personnel to oversee the agency's many contractors and maintain the integrity of its networks," the AP/News & Observer reports. Between 1997 and 2001, HCFA paid En Garde Systems and other security companies to test its computer networks. En Garde was able to "break into" HCFA's internal network "without any more technical expertise than it takes to point and click." En Garde's Michael Neuman said that if hackers attacked the system in the same way, it "could put millions of medical records and billions of dollars at risk." Allied Technology, which also tested the system, found that passwords were often "blank, easily cracked and poorly managed." A member of HCFA's inspector general's office said the agency was aware of the problems, as the office had cited 124 system "weaknesses" in a February report; however, officials do not know if anyone has ever broken into the system. HCFA Assistant Inspector General Joseph Vengrin said, "While all of these weaknesses are troubling, we do not know whether the resulting vulnerabilities have been exploited in terms of compromised medical information, fictitious Medicare claims, diversion of taxpayer dollars, or some other type of fraud or abuse by an 'insider' or a hacker" (AP/Raleigh News & Observer, 5/22).
This is part of the California Healthline Daily Edition, a summary of health policy coverage from major news organizations. Sign up for an email subscription.