Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it's official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Public Summary Report: Wireless Penetration Test of Centers for Medicare & Medicaid Services' Data Centers

We performed a wireless penetration test of select Centers for Medicare & Medicaid Services' Data Centers and facilities to determine whether CMS's security controls over its wireless networks were effective.

Although the Centers for Medicare & Medicaid Services had security controls that were effective in preventing certain types of wireless cyber-attacks, we identified four vulnerabilities in security controls over its wireless networks.

The vulnerabilities that we identified were collectively and, in some cases, individually significant. Although we did not identify evidence that the vulnerabilities had been exploited, exploitation could have resulted in unauthorized access to and disclosure of personally identifiable information, as well as disruption of critical operations. In addition, exploitation could have compromised the confidentiality, integrity, and availability of CMS's data and systems. We promptly shared detailed information with CMS about our preliminary findings in advance of issuing our draft report.

We recommended that CMS improve its security controls to address the wireless network vulnerabilities we identified.

Filed under: Centers for Medicare and Medicaid Services