Skip Navigation
United States Flag

An official website of the United States government. Here's how you know >

U.S. Flag An official website of the United States government.
Change Font Size

Public Summary Report: Wireless Penetration Test of Centers for Medicare & Medicaid Services' Data Centers

We performed a wireless penetration test of select Centers for Medicare & Medicaid Services' Data Centers and facilities to determine whether CMS's security controls over its wireless networks were effective.

Although the Centers for Medicare & Medicaid Services had security controls that were effective in preventing certain types of wireless cyber-attacks, we identified four vulnerabilities in security controls over its wireless networks.

The vulnerabilities that we identified were collectively and, in some cases, individually significant. Although we did not identify evidence that the vulnerabilities had been exploited, exploitation could have resulted in unauthorized access to and disclosure of personally identifiable information, as well as disruption of critical operations. In addition, exploitation could have compromised the confidentiality, integrity, and availability of CMS's data and systems. We promptly shared detailed information with CMS about our preliminary findings in advance of issuing our draft report.

We recommended that CMS improve its security controls to address the wireless network vulnerabilities we identified.

Copies can also be obtained by contacting the Office of Public Affairs at Public.Affairs@oig.hhs.gov.

Download the complete report.

Office of Inspector General, U.S. Department of Health and Human Services | 330 Independence Avenue, SW, Washington, DC 20201