One of the components of the National Institutes of Health's All of Us precision medicine research program failed to implement adequate security measures to protect participants' personal health information, according to a new report from the HHS Office of Inspector General.
In an audit of the program, the OIG identified vulnerabilities in the system of Vibrent Health's Participant Technology Systems Center that could have allowed hackers with even limited technical knowledge to gain access to private patient data. The PTSC also failed to encrypt cloud storage offerings, lacked proper policies and procedures to address potential cybersecurity incidents and did not adequately scan its network for such vulnerabilities.
According to the report, upon being notified of the vulnerabilities by the OIG, the NIH and PTSC immediately rectified the issues. The OIG did not find any issues with the other All of Us component audited, Vanderbilt University Medical Center's Data and Research Center.
More articles about health IT:
Phishing attack on Oregon human services department may have exposed 645,000 people
AMCA files for bankruptcy after massive data breach
Verily researchers develop AI algorithm to detect diabetic retinopathy