GAO: CMS IT security lacking
The Centers for Medicare & Medicaid Services (CMS) has numerous holes in its information infrastructure, putting at risk the security of sensitive CMS financial and medical information when it was transmitted across the network, according to the Government Accountability Office (GAO). GAO was commissioned by Congress to assess the effectiveness of information security controls over the communication network used by CMS. Major security holes in the network, according to GAO, included not always ensuring that unauthorized access to sensitive computing resources and devices was preventable; CMS had numerous vulnerabilities relating to user identification and authentication; and the agency had weaknesses in ensuring the secure configurations of network devices.