Computer Crime Research Center


US data exposed to attacks

Date: March 28, 2006
Source: Australian IT

The US government's health insurance programs may put public medical and financial information at risk because of flawed computer security, according to Congress's investigative arm.

The centres for Medicare and Medicaid services must improve maintenance systems for blocking intruders and keep passwords up to date, the Government Accountability Office says in a report.

The report cites a case of a contractor, who for a year was transporting records of about 25,000 Medicare cheque payments in an unlocked container in a private car.

More than 10 million people were victims of identity theft last year, according to a January 31 report from the Better Business Bureau.

According to the office, Medicare and Medicaid have failed to do suitable background screenings for contractors, raising the risk of inappropriate use of consumers' information.

"We're learning their medical, personal and financial information is vulnerable to fraud and abuse," Iowa Republican Senator Charles Grassley says.

"Instead of firewalls to safeguard sensitive data, we have Swiss cheese."

Grassley is chairman of the Senate Finance Committee, which overseeing Medicare and Medicaid, which together provide medical insurance to about 90 million people.

The report doesn't cite examples of consumers hurt by lapses in security at Medicare or its parent agency, the Department of Health and Human Services.

"We did not identify any instance where it may have happened," the report's researcher and writer Gregory Wilshusen says.

The Accountability Office's report looks at computer security in August 2005, says Health and Human Services spokesman Bill Hall.

He says the department has created a plan to deal with deficiencies and has formed an oversight committee for contractors.

"Health and Human Services will continue its diligence and drive towards better security as it executes its responsibilities on behalf of the citizens," he says.
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo