“The National Institutes of Health (NIH) is in the process of working through a long list of network security fixes recommended by the Government Accountability Office (GAO) earlier this year, but doesn’t expect to get done with addressing all of those until the end of 2022.”
“That’s the top-line news from a new a report from GAO that found numerous control and program deficiencies in NIH’s core security functions.”
“In June 2021, GAO was asked to evaluate cybersecurity at NIH, and following that the government watchdog agency made 219 recommendations – 66 regarding security programs and 153 related to system controls – to address deficiencies.”
“Amongst its numerous tasks, NIH is responsible for conducting research on the prevention of infectious diseases such as COVID-19, administering over $30 billion annually in medical research grants, and supporting research on pathogens. To successfully carry out its mission, ‘NIH relies extensively on information technology systems to receive, process, and maintain sensitive data. Accordingly, effective information security controls are essential to ensure the confidentiality, integrity, and availability of the agency’s systems,’ the GAO report says.”
“’These deficiencies increased the risk that sensitive research and health-related information could be disclosed or disrupted,’ the public report states…” Read the full article here.
Source: NIH Working on Long List of Tech Security Fixes Based on GAO Findings – By Lisbeth Perez, December 13, 2021. MeriTalk.
