Network Security, Vulnerability Management

GAO report recommends stronger security controls for third parties that receive Medicare beneficiary data

The U.S. Government Accountability Office (GAO) last week publicly released a report warning the Centers for Medicare and Medicaid Services (CMS) has failed to provide specific security controls guidance to research organizations with whom it shares Medicare beneficiary data.

According to the report, the CMS gives researchers too much leeway to assess their own vulnerabilities and apply the necessary fixes. On the other hand, CMS has instituted considerably stricter guidelines to other partners it shares data with, including Medicare Administrative Contractors (MACs) and "qualified entities" that evaluate the performance of Medicare service providers based on claims data.

The GAO report also notes that CMS has not established an oversight program for security implementations by either researchers or qualified entities. And while MACs are subjected to two independent annual assessments, the CMS does not consistently track vulnerabilities that are categorized as low-risk weaknesses. "Without more consistent tracking of these low-risk weaknesses, it may be difficult for CMS to determine if all weaknesses are being addressed in a timely manner," the report states.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.