BreachExchange mailing list archives
Medicare Patient Data Insecure, GAO Says
From: Richard Forno <rforno () infowarrior org>
Date: Wed, 04 Oct 2006 13:15:38 -0400
Medicare Patient Data Insecure, GAO Says By Kevin Freaking Associated Press Wednesday, October 4, 2006; D02 http://www.washingtonpost.com/wp-dyn/content/article/2006/10/03/AR2006100301 430_pf.html Security weaknesses have left millions of elderly, disabled and poor Americans vulnerable to unauthorized disclosure of their medical and other personal records, federal investigators said yesterday. The Government Accountability Office said it found 47 weaknesses in the computer system used by the Centers for Medicare and Medicaid Services to send and receive bills and to communicate with health-care providers. The agency oversees health-care programs that benefit one in four Americans. Its data are transmitted through a computer network that is privately owned and operated. The CMS did not always ensure that its contractor followed the agency's security policies and standards, according to the GAO. "As a result, sensitive, personally identifiable medical data traversing this network are vulnerable to unauthorized disclosure," the federal investigators said. CMS administrator Mark McClellan said that the agency was working to address problems cited in the report but noted that the GAO "found no evidence that confidential or sensitive information had actually been compromised." The network handling Medicare claims transmits information, such as a patient's diagnosis, drugs and treatment facility, as well as Social Security numbers, addresses and dates of birth, the investigators said. The investigators and CMS emphasized that the report focuses solely on the transmission of data. The auditors did not evaluate security controls for the servers used to store patient data. Sen. Charles E. Grassley (R-Iowa) said Medicare and Medicaid officials need to respond quickly to the GAO findings. "Beneficiaries and providers expect that sensitive health information is protected, and it's up to the agency officials to ensure the system is secure," said Grassley, chairman of the Senate Finance Committee. CMS officials said they have corrected 22 of the 47 weaknesses cited by GAO auditors. Nineteen more are scheduled to be resolved soon, and the remaining six are under review. © 2006 The Washington Post Company _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 136 million compromised records in 395 incidents over 6 years.
Current thread:
- Medicare Patient Data Insecure, GAO Says Richard Forno (Oct 04)
- Re: Medicare Patient Data Insecure, GAO Says Al Mac (Oct 04)