Centers for Medicare and Medicaid Services (CMS) has taken steps to ensure their platform remains secure. Regardless of that, some vulnerabilities persist in their system of wireless networks, according to OIG.
There are four reported vulnerabilities. Currently, no evidence has been found of them being exploited in any way. However, if this were to happen, such an attack could easily compromise the integrity, confidentiality, and availability of those systems.
In order to identify those vulnerabilities, the company ran several penetration tests at CMS using ethical hacking methods. They used the same tools a normal attacker would, but instead of causing damage to the system, they used the information gained to notify CMS of the vulnerabilities they had discovered.
The authors of the report strongly urge CMS to patch these vulnerabilities in order to make the system safer and more secure for everyone involved. CMS has already responded, claiming that they have already fixed the majority of those vulnerabilities, and are working on the rest.
CMS also added that their team is constantly testing the system to catch any new, previously unidentified vulnerabilities.
OIG has identified 129 security gaps in the healthcare data systems, which is an 8% increase compared to 2013. As time goes on, they are confident in their mission to discover any further security threats, preventing hackers from gaining unauthorized access, compromising the data, modifying, or leaking it for ill purposes.