While many have known for some time that government networks are susceptible to computer attacks, a new report from the Office of the Inspector General confirms the vulnerability of the Food and Drug Administration's (FDA) systems. Last year, the Office conducted a "network penetration test" to see how well protected the FDA network was and how capably the agency would respond if an attack occurred.
The results do not speak favorably of the agency's current approach to security. The testers discovered enough flaws in the system to allow for data leaks or even the blocking of important system functions.
Several aspects of the system showed problems: among other issues, error messages were found to show too much information, web page input was not validated correctly, and not all of the external servers were adequately assessed.
"In general, we recommended that FDA fix the Web vulnerabilities identified, implement more effective procedures to protect its computer systems from cyber attacks, and periodically assess the security of all of its Internet-facing systems," the report reads. It also advises that the FDA instead "provide essential capabilities and to determine what functions and services, some of which are provided by default, should be disabled or even eliminated."
Though the report said that the OIG was not able to actually enter the network, its recommendations point to another shortcoming in federal IT that needs to be addressed. Any organization that regularly connects to an insecure network could also be at risk.
Working with healthcare coding and consulting services will bring your organization closer to the national standard for security, and help you survive audits in the future.