HIPAA news
HIPAA advisory
HIPAAdvisory > HIPAAnews > Current News Phoenix Health Systems
news
regs
action
tech
views
wares
alert
live
notes
latest
online HIPAA training
HIPAAstore
HIPAA help desk
search
contact us
site map

Report Finds Numerous Security Holes at HCFA

In an inspector general report released yesterday, the Health Care Financing Administration (HCFA) was cited for numerous security weaknesses in their electronic data processing. The report did not identify any actual compromise of the Medicare beneficiary data held by HCFA.  Full report.

Representative Billy Tauzin (R-LA), Chairman of the House Committee on Energy and Commerce pledged in a statement Thursday to determine if any compromise had occurred and to focus attention and resources on the security problem.

Full text of Rep. Tauzin's statement follows:

Tauzin Delivers Statement On Cyber-Security

Vulnerabilities At Federal Agencies

Washington (April 5) – Energy and Commerce Committee Chairman Billy Tauzin (R-LA) is scheduled to deliver the following remarks today at an Oversight and Investigations Subcommittee hearing on the state of cyber-security within federal agencies:

“Thank you, Mr. Chairman, for holding this important hearing today on the inadequacy of Federal efforts to protect our nation’s critical cyber infrastructure and the vast amounts of sensitive data stored on Federal computer systems.

“I don’t think that many people realize the extent to which our Federal civilian agencies collect and store such sensitive information -- whether it is medical, financial or otherwise personal information of American citizens, confidential or proprietary data from America’s corporations, cutting-edge scientific research or export-controlled information, or even sensitive law enforcement data. Nor do most people realize the extent to which we as a nation have become so dependent on these computer systems to assure our national and economic security. And I think it would come as quite a surprise for most Americans to learn the extent to which these Federal civilian agencies are the target of attacks by foreign and domestic sources bent on espionage or other malicious actions.

“Faced with this serious challenge, the Federal government has not performed well. This Committee’s oversight continues to reveal troubling computer security deficiencies across the Federal government, deficiencies that place critical services and sensitive data at significant risk of compromise. Here, the connection between security and the privacy of American citizens cannot be ignored. A recent inspector general audit of the Health Care Financing Administration and several of its Medicare contractors -- which the Committee is releasing publicly today -- found numerous system control weaknesses that permitted unauthorized access to sensitive beneficiary information. While we don’t know today whether such information was in fact compromised, we certainly intend to find out. This is an issue of great importance to the American people, and one
that this Committee will take a closer look at in the coming weeks.

“The Clinton Administration talked a great deal about cyber-security and critical infrastructure protection over the past several years, holding presidential summits and issuing presidential directives. The Administration said the Federal government would serve as a model of good security practices for the private sector -- which controls much of our nation’s critical infrastructure -- to follow. But, despite all the rhetoric, photo ops, and paper exercises, the bad news continues to roll in, with each GAO review, with each inspector general audit, with each congressional oversight hearing, with each day’s newspapers, and with each real-world test of the government’s computer security -- no matter how recent.

“For example, two reports released this year show how little progress Federal agencies have made in protecting our critical cyber assets in the three years since the President issued PDD 63. Essentially, we’re still in the process of identifying our critical assets and their interdependencies, which raises the question – how can we adequately protect our most critical cyber systems if we haven’t even identified them all yet?

“This is not to say that there have been no improvements in this area – certainly there have been some, particularly at those agencies that have felt the sting of public embarrassment. But, overall, we are barely treading water. Unless we get serious about this effort, we will never keep up with the rapid advances of technology in this area, which continually reveal new ways to attack cyber systems. In this increasingly inter-connected world, we’re either going to prioritize our resources better to meet this challenge -- something that, to date, Congress has not forced the agencies to do -- or we’re going to find ourselves in deep, deep trouble.

“This Committee has both the responsibility and authority to conduct oversight as to whether our nation’s critical and sensitive computer systems are being adequately protected. We intend to continue doing our part to raise awareness, and to focus attention and resources, on this increasingly important problem. Thank you, again, Mr. Chairman, and I yield back the balance of my time.”

Go to TOP