GAO says 793 information security-related recommendations remain unimplemented
The United States federal government needs to improve electronic health record data security and privacy, according to the Government Accountability Office’s (GAO) recently released federal information technology systems audit.
Since 2010, the GAO has made 2,733 recommendations to federal agencies to improve the security of federal systems, but as of May 2018, 793 of the information security-related recommendations had not been implemented, the report said.
According to the report, some of the actions that the federal government needs to take to strengthen cybersecurity include:
- Effectively implement risk-based entity-wide information security programs consistently over time
- Improve cyber incident detection, response, and mitigation capabilities
- Expand cyber workforce planning and training efforts
- Expand efforts to strengthen cybersecurity of the nation’s critical infrastructures
- Better oversee protection of personally identifiable information
When it comes to the healthcare sector, the GAO says the federal government needs to better protect the security and privacy of electronic health information, ensure privacy when face recognition systems are used, and protect the privacy of users’ data on state-based health insurance marketplaces.
The GAO says further efforts by the Office of Management and Budget and other federal agencies to implement previous recommendations would better position the federal government to improve the management and security of federal information technology.