As part of their report, the OIG simulated wireless cyber-attacks on CMS using common techniques. They found that while CMS security blocked certain attacks, they found four specific vulnerabilities in the online security controls. “The vulnerabilities that we identified were collectively and, in some cases, individually significant,” the report said. While they did not find evidence of any attacks, the OIG did find that “exploitation could have resulted in unauthorized access to and disclosure of personally identifiable information.”
In their public comment on the report, CMS said that they concur with the OIG’s findings, they have addressed some of the problems that were found, and that they are currently addressing the rest. However, the report says that in a separate comment on a more detailed account that OIG sent directly to them, CMS said it accepts the risk presented by a number of the security weaknesses.
[Image via Shutterstock]