“The information security program of the Department of Health and Human Services, including four operating divisions, was determined to be ‘not effective’ by the Office of the Inspector General.”
“The watchdog recently completed its annual Federal Information Security Management Act (FISMA) audit of HHS, the Food and Drug Administration, Centers for Medicare and Medicaid Services, and the National Institutes of Health. OIG officials evaluated the operating divisions to determine compliance with the federal regulation.”
“Officials analyzed the HHS security program against the selected operating divisions’ policies, other standards and guidance issued by HHS, performance measures, personnel interviews, and inspected selected artifacts.”
“The audit determined that while HHS, FDA, CMS, and NIH continues to work toward strengthening its security program, the agencies’…” Read the full article here.
Source: OIG Finds Ineffective Data, Network Security at HHS, FDA, CMS, NIH – By Jessica Davis, April 23, 2019. Health IT Security.
