The Government Accountability Office has identified several vulnerabilities in the Centers for Medicare and Medicaid Services’ technical controls for systems that support the federal health insurance marketplace.
GAO said Wednesday it found insufficient administrator privilege restriction, inconsistent security patch implementation and insecure administrative network configuration for Healthcare.gov supporting systems and the Federal Data Services Hub.
GAO reports that CMS did not develop a schedule for security oversight procedures and follow-up corrective actions.
The government watchdog recommends that CMS establish procedures for the oversight of state-based marketplaces and enforce continuous security monitoring for those marketplaces.
Oversight and continuous monitoring work to ensure the security and privacy of data processed through Healthcare.gov, GAO noted.