TRENDING:

Encryption & Key Management , Security Operations

FAA Criticized for IT Security

Inspector General Says Medical Info Inadequately Protected Howard Anderson (ismg_editor) • June 28, 2010    
FAA Criticized for IT Security
The Federal Aviation Administration is inadequately securing medical and personal information on the more than 3 million airmen who it certifies as being fit to operate an aircraft, according to a new government report.

The Office of the Inspector General in the U.S. Department of Transportation said its findings mean that airmen's information is "vulnerable to unauthorized access and use and potential falsification of medical certificates that could lead to unfit airmen being medically certified to fly."

The inspector general, in the report on the FAA's Airmen Medical Support Systems, states that names, addresses, Social Security numbers, medical data and other information "are not properly secured to prevent unauthorized access and use."

Controls Lacking

The new report found that the FAA has not fully implemented security controls, such as multi-factor authentication, audit trail reports and encryption, as required by the Office of Management and Budget and the Department of Transportation.

The report says investigators found vulnerabilities on Medical Support Systems computers, "such as configuration allowing intruders to install malicious codes on FAA user computers." Inadequate contingency planning also threatens MSS service continuity, according to the report.

The report notes, however, that the FAA "took immediate action to enhance security protection," such as by restricting access to the systems by former staff members. However, it states "additional improvements are needed" to adequately secure data from unauthorized use.

15 Recommendations

The 31-page report recommends 15 steps to make the information more secure, including extensive use of encryption and multi-factor authentication as well as such contingency planning steps as acquiring a back-up server and upgrading databases.

The Health Information Technology for Economic and Clinical Health Act, passed last year as part of the economic stimulus package, set tougher penalties for violations of the federal privacy and security rules under the Health Insurance Portability and Accountability Act, such as for unauthorized access to private medical information.

Previous
White House Unveils Online Authentication Plan
Next
U.S. Spends $8.8 Billion to Secure Classified Data

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.