Federal agencies -- including departments that manage health data -- have major security weaknesses in their IT systems, according to an official from the Government Accountability Office, Modern Healthcare reports.
Rise in Cybersecurity Incidents
On Tuesday, Gregory Wilshusen -- GAO's director of information issues -- delivered prepared testimony to a House subcommittee saying that the number of cybersecurity incidents reported by federal agencies increased by nearly 680% during the last six years (Conn, Modern Healthcare, 4/25).
Wilshusen noted that federal agencies reported 42,887 cybersecurity incidents in 2011, up from the 5,503 cybersecurity incidents reported in 2006 (Sasso, "Hillicon Valley," The Hill, 4/25).
Implications for Health Data
In his testimony, Wilshusen noted that many cybersecurity attacks target personal health data. He cited incidents such as:
- A March attack on a state-run computer system in Utah, which exposed the personal data of more than 750,000 Medicaid and Children's Health Insurance Program beneficiaries; and
- The 2010 theft of 57 unencrypted computer hard drives from the offices of Blue Cross and Blue Shield of Tennessee, which exposed the personal data of nearly one million people and led the insurer to pay a $1.5 million settlement to HHS for HIPAA violations.
Wilshusen noted that many vital services -- including health care -- are becoming increasingly dependent on IT tools and services. Therefore, he added, the security of such IT systems is crucial to protecting public health (Modern Healthcare, 4/25).