Cyber vulnerabilities permeate parts of the Food and Drug Administration’s (FDA) computer network, concluded an inspector general report.
The Health and Human Services Department (HHS) sent its IG to conduct a penetration test in October and November of last year. While the IG couldn’t actually gain unauthorized access to the network, it discovered vulnerabilities in the process.
{mosads}Certain Web pages didn’t check the validity of user-supplied information and the external systems didn’t lock people out.
It could have led to a data breach, the report said.
“Overall, FDA needed to address cyber vulnerabilities on its computer network.”
In fact, the FDA did reveal a breach last fall, that exposed the information of 14,000 user accounts.
Cybersecurity measures at federal agencies are under increased scrutiny in recent months, with a number of agencies admitting to breaches. Lawmakers pressed the HHS following a breach of Healthcare.gov, which the Government Accountability Office said in September it was still not fully secure.