Las Vegas Sun

November 30, 2009

Currently: 66° | Complete forecast | Log in

Editorial: Personal data at risk

Tuesday, Oct. 10, 2006 | 7:22 a.m.

A recent federal report shows that significant computer security weaknesses exist in the Medicare and Medicaid programs, which could lead to the unintended disclosure of participants' personal medical information.

An administrator for the Centers for Medicare and Medicaid Services told federal investigators that the flaws have not resulted in any security breaches. But the Government Accountability Office report says that the agency's computer system lacks a reliable method of auditing or tracking the computer network's activity, so it is unclear how, or even whether, such breaches would be caught.

The GAO, which is the investigative arm of Congress, found that the agency's Medicare and Medicaid data are not encrypted, making it easy for a hacker to see beneficiaries' personal information. The agency has failed to keep a complete record of who has access to the database, the GAO reports, and uses passwords that in some cases are too easy to guess.

Computer security breaches do happen - the most recent of which involved a laptop stolen from the Veterans Affairs Department that contained the personal data on millions of active-duty and retired military personnel. And more than once in the past three years, a federal judge has ordered the Interior Department to shut down its Internet access because of security flaws that placed personal financial information stored in the Bureau of Indian Affairs tribal trust accounts at risk.

"Our previous reports, and those of agency inspectors general, describe persistent information security weaknesses that place a variety of federal operations at risk of disruption, fraud, or inappropriate disclosure of sensitive data," the GAO report says.

Americans typically must submit their most sensitive personal data to receive government services, and they should be able to do so without fear of identity thieves. It is astonishing - and unacceptable - that the federal government needs to be told time and again, agency by agency, that its databases lack adequate security.

archive

  • Most Read
  • Discussed
  • Most E-mailed

Calendar »

  • 30 Mon
  • 1 Tue
  • 2 Wed
  • 3 Thu
  • 4 Fri