Per the Federal Information Security Modernization Act of 2014, HHS underwent its annual independent evaluation of its information security program and practices.
The audit found HHS continues to implement changes to improve its information security program. The audit also identified opportunities for HHS to strengthen its security program.
Currently, HHS is inching toward implementing a department-wide continuous diagnostics and mitigation program with the Department of Homeland Security, which the auditor predicts will improve HHS' information security maturity.
Weaknesses were found in the agency's risk management, configuration management, identity and access management, data protections and privacy, security training, information security continuous monitoring, incident response, and contingency planning.