The House Energy and Commerce Committee has said information systems of the Food and Drug Administration and other operating divisions under the Department of Health and Human Services have suffered breaches since 2013 through unsophisticated methods.
In a report dated Thursday, the House panel announced its finding and said the conclusion is connected to a probe it launched in December 2013 after the FDA experienced a network intrusion at one of its data systems on Oct. 15, 2013.
The committee said officials at five HHS divisions did not provide sufficient and accurate information on security breaches and the divisions prioritized operations over data security issues as cited in the department’s Office of Inspector General reports on information systems.
Legislators also found what they said were lapses in the authority and expertise of information security officials to perform their duties, including misidentification of security vulnerabilities and restrictions on their ability to gain full visibility into their own computer networks.
The House panel also suggested the chief information security officer position should be moved to HHS’ Office of the General or Chief Counsel.