The Government Accountability Office's top computer security official reported to a congressional oversight committee June 7 that despite federal government agency claims that progress is being made, "significant weaknesses in information security controls threaten the confidentiality, integrity and availability of critical information and information systems used to support the operations, assets and personnel of federal agencies."
A summary report and testimony were presented by the GAO's Gregory Wilshusen, director of information security issues at the federal watchdog agency. Wilshusen's testimony was given to the House Committee on Oversight and Government Reform chaired by Henry Waxman (D-Calif.).
Security breaches cited in the 33 pages of testimony and related documents were not limited to federal healthcare organizations, but two of the largest breaches didthe theft in a home burglary of a computer containing identifiable information on 26.5 million veterans receiving healthcare from the Veterans Affairs Department; and the theft of a laptop computer with the names, dates of birth, medical record numbers and telephone numbers of 49,572 Medicare beneficiaries.
Wilshusen charges that although "almost all of the major federal agencies had weaknesses in one or more areas of information security controls ... nevertheless, federal agencies have continued to report steady progress in implementing certain information security requirements. However, IGs (inspectors general) at several agencies sometimes disagreed with the agency's reported information and identified weaknesses in the processes used to implement these and other security program activities."