FDA cybersecurity ‘inadequate,’ IG says

Cyber vulnerabilities permeate parts of the Food and Drug Administration’s (FDA) computer network, concluded an inspector general report.

The Health and Human Services Department (HHS) sent its IG to conduct a penetration test in October and November of last year. While the IG couldn’t actually gain unauthorized access to the network, it discovered vulnerabilities in the process.

{mosads}Certain Web pages didn’t check the validity of user-supplied information and the external systems didn’t lock people out.

It could have led to a data breach, the report said.

“Overall, FDA needed to address cyber vulnerabilities on its computer network.”

In fact, the FDA did reveal a breach last fall, that exposed the information of 14,000 user accounts.

Cybersecurity measures at federal agencies are under increased scrutiny in recent months, with a number of agencies admitting to breaches. Lawmakers pressed the HHS following a breach of Healthcare.gov, which the Government Accountability Office said in September it was still not fully secure.