Security News > 2001 > May > Congress to hear status report on Medicare's computer security

http://www.nandotimes.com/technology/story/13270p-269250c.html The Associated Press WASHINGTON (May 22, 2001 09:04 p.m. EDT) - Security experts will tell Congress on Wednesday that the agency controling Medicare lacks enough computer security personnel to oversee the agency's many contractors and maintain the integrity of its networks. The Health Care Financing Administration contractors were "outright obstructive to providing sound security," wrote Michael Neuman of En Garde Systems of Albuquerque, N.M., in a prepared statement to legislators. The testimony will be given to a House oversight subcommittee looking into whether private medical information held by the government is secure from hackers. Medicare provided health insurance for about 39.5 million elderly and disabled Americans at a cost of approximately $215 billion last year. En Garde and other security companies were paid by HCFA to test its computer networks between 1997 and 2001. All of the companies found significant security weaknesses during their tests. The oversight committee's chairman, James Greenwood, R-Pa., called for the agency to do better. "HCFA must improve the basics of security management," Greenwood said in prepared remarks. Neuman complained that it took HCFA a year of negotiations to lay down the ground rules for their latest security test, and that En Garde was not allowed to touch certain systems during its tests, making the test results "unrealistic." But even with the restrictions, En Garde had little trouble breaking in. "Using an extremely old, very well known vulnerability in the WWW server software, we were able to gain access to HCFA's Web server without any more technical expertise than it takes to point and click," Neuman said.

News URL

http://www.nandotimes.com/technology/story/13270p-269250c.html