Series: Cybersecurity Testing of HHS and Consumer Mobile Applications

OBJECTIVE

Various HHS OpDivs use mobile applications as alternative ways to reach mobile device users. Cybersecurity researchers have indicated that a large majority of Android and iOS apps across every industry lack the most basic security protections.HHS-OIG will perform a series of penetration test audits of certain mobile applications to determine whether security controls protecting HHS and its OpDivs' mobile applications are effective in preventing certain cyberattacks. Also, as part of this work, we will determine whether HHS and its OpDivs are following required security standards and policies for the development and vetting of mobile apps.HHS-OIG will perform this work because of the steady increase in the use of mobile apps by HHS and its OpDivs to provide access to health services.

There are 3 projects in this series.

Project titles will remain unpublished until projects are complete and reports are posted.

ACTIVE PROJECTS IN THIS SERIES (2)

COMPLETED PROJECTS IN THIS SERIES (1)

Penetration Test of AHRQ Consumer Mobile Applications

Project A-18-22-09008 • Completed on December 17, 2024

TIMELINE

• October 11, 2021
  Series Number W-00-24-42040 Assigned
• October 11, 2021
  Project Announced

  Project A-18-22-09006

• February 15, 2022
  Project Announced

  Project A-18-22-09007

• March 14, 2022
  Project Announced

  Penetration Test of AHRQ Consumer Mobile Applications - A-18-22-09008

• December 17, 2024
  Project Complete - A-18-22-09008

  Penetration Test of AHRQ Consumer Mobile Applications has been marked as complete. This audit resulted in 3 recommendations.

• Today
  2 Audits In-Progress
• Est FY2026
  Estimated Fiscal Year for Series Completion

1 REPORT PUBLISHED

---