Medical and financial information gathered on millions of Americans by Medicare, Medicaid and other government programs is vulnerable to thieves or pranksters because of inadequate computer security, federal investigators say.
This does not just involve Medicare as the USAToday article title states by a long shot. I would imagine they used Medicare because so many baby boomer retirees would be upset with this, as well they should be.
But this involves 13 Divisions of Health and Human Services (HHS) including Medicare, Medicaid and other government programs.
The article goes on to say,
“The soon-to-be-released GAO review focuses on the Department of Health and Human Services (HHS), whose agencies use computer systems to pay more than a billion Medicare claims worth more than $290 billion each year, track medical research at the National Institutes of Health and manage Food and Drug Administration programs.”
And that’s just the Medicare claims!
How many more people’s information may be at risk through the Medicaid/Aide to Dependent Children/ADC (or whatever it’s called these days). Medicaid, if I remember correctly would not only contain parental name(s), social security numbers, address etc., but also each of their children’s names and social security numbers AND all their health related information in the database.
Health information, which is a doctor/patient privilege, but may have been entrusted to these programs in exchange for financial, healthcare, or other program driven assistance.
The article also states that these 13 Divisions where investigators for the GAO reviewed management and audit reports from 2004 and 2005 showed the following deficiencies:
Anti-virus software not installed or up to date.
Lack of adequate control over computer passwords.
Employees and contractors serving without background checks.
Inadequate physical controls to prevent spying or theft, such as non-working surveillance cameras and unrestricted access to a data center.
And if some do not have even the most basic security like an up-to-date and/or existent antivirus, what kind of protection would they likely have against other malware that could use drive by installations to install trojan backdoors, keyloggers, system monitors, and other forms of malware, spyware, parasites, etc. that try to invade systems through vulnerabilities in browsers, email, other software, and the operating system itself?
“Fundamentally, it’s an organization that is behind in making security part of its regular operations,” says Alan Paller, who has seen the report but was not involved in writing it. Paller is research director at security firm the SANS Institute in Bethesda, Md. “It’s very dangerous for health care data.”
And any other data that might be on these computers that could potentially make identity fraud so much easier.
After working with consumer computers that have been hit with major security problems even with an active and/or updated antivirus onboard, it’s hard to believe this has been allowed to continue in this way.
What kind of example does this even hope to set for corporations, let alone anyone else.
As a Citizen of the United States of America, I am outraged about the lack of responsibility being afforded by our own government toward their Citizens’ personal, financial and health information.
What kind of fiduciary responsibility to American Tax Payers is this anyway?