In a report dated Thursday, the House panel announced its finding and said the conclusion is connected to a probe it launched in December 2013 after the FDA experienced a network intrusion at one of its data systems on Oct. 15, 2013.
The committee said officials at five HHS divisions did not provide sufficient and accurate information on security breaches and the divisions prioritized operations over data security issues as cited in the departmentâs Office of Inspector General reports on information systems.
Legislators also found what they said were lapses in the authority and expertise of information security officials to perform their duties, including misidentification of security vulnerabilities and restrictions on their ability to gain full visibility into their own computer networks.
The House panel also suggested the chief information security officer position should be moved to HHS’ Office of the General or Chief Counsel.