• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   Spotlight   »   Report: HHS lacking general IT security controls

Report: HHS lacking general IT security controls

  • Posted on:May 24, 2011
  • Posted in:Spotlight
  • Posted by:
    Trend Micro
0

In recent audit, the U.S. Office of Inspector General found that the Office of the National Coordinator for Health IT and, by extension, the Department of Health and Human Services, lacks the standards to protect patient information adequately.

The finding is a bit ironic, as the HHS is responsible for issuing sanctions to healthcare providers that fail to enact effective data protection practices.

According to the OIG's report, the ONC HIT has established IT security controls to address specific situations, such as the implementation of electronic health records. However, the OIG asserted that the ONC HIT is not taking the big picture into account and lacks standards that include more general IT security controls.

In its report, the OIG suggested that if these shortcomings are not addressed, the general HIT security controls may be adversely affected.

"We found a lack of general IT security controls during prior audits at Medicare contractors, State Medicaid agencies and hospitals," the report stated. "Those vulnerabilities, combined with our findings in this audit, raise concern about the effectiveness of IT security for HIT if general IT security controls are not addressed."

The OIG recommended the ONC broaden its security focus to include more general controls that support systems, networks and infrastructure. Additionally, the report stated that the ONC should use its leadership to establish security best practices within the healthcare industry and emphasize the importance of general IT security.

In recent years, the HHS has become more strict in enforcing healthcare and data protection regulations. For example, earlier this year, the department fined Cignet Health a total of $4.3 million for violating privacy laws established by the Health Insurance Portability and Accountability Act. However, if the department hopes to establish greater data security practices throughout the industry, one might assume that it needs to get its one rule in order first.

Related posts:

  1. As APTs increase, US federal data protection measures still lacking, GAO says
  2. Report: Executives must be involved in mobile security strategy
  3. Report: Cloud computing skills, knowledge lacking
  4. Data security measures lacking, despite popularity in mobile banking

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Detected Cyber Threats Rose 20% to Exceed 62.6 Billion in 2020
  • Trend Micro Recognized on CRN Security 100 List
  • Trend Micro Reports Solid Results for Q4 and Fiscal Year 2020
  • Connected Cars Technology Vulnerable to Cyber Attacks
  • Trend Micro Asks Students How Their Relationship to the Internet Has Changed During COVID-19
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.