Federal auditors have determined the FDA needs to ramp up its cybersecurity efforts in order to deter hackers.
Auditors for the U.S. Health & Human Services Dept.’s Inspector General’s Office tested many of the FDA’s IT systems in the wake of a security breach last October that exposed approximately 14,000 user accounts.
"Although we did not obtain unauthorized access to the FDA network, we identified the following issues: Web page input validation was inadequate, external systems did not enforce account lockout procedures, security assessments were not performed on all external servers, error messages revealed sensitive system information, and demonstration programs revealed sensitive information. These could have led to: (1) the unauthorized disclosure or modification of FDA data or (2) FDA mission-critical systems being made unavailable," wrote Thomas Salmon, HHS assistant inspector general for audit services, in the report.
The report also noted the team was unable to test seven external mission-critical systems because the agency did not want to risk their being knocked offline.
Salmon added the team made seven recommendations to improve cybersecurity at the agency. For security reasons, details of the recommendations were not included in the report.