The healthcare industry, hit by a number of high-profile breaches recently, has some company in its information-security failures—the federal government—according to the Government Accountability Office.
The number of security incidents reported by federal agencies to the federal information security incident center during the past six years has increased by almost 680%, according to Gregory Wilshusen, the GAO's director of information security issues.
In prepared testimony (PDF) for a House subcommittee on oversight, investigations and management for the Department of Homeland Security, Wilshusen said multiple federal agencies are experiencing "significant weaknesses in information security controls" that "threaten the confidentiality, integrity and availability of critical information and information systems."
Assessments by the GAO, the agencies and their inspectors general of information security controls "revealed that most major agencies had weaknesses in most major categories of information system controls" during fiscal 2011, the GAO added. Vulnerabilities in systems that support the country's infrastructure can be exploited "with potentially severe effects," according to the testimony.
Security threats have been linked to software upgrades and defective equipment as well as to "intentional threats" from both "targeted and untargeted attacks from a variety of threat sources," including "criminal groups, hackers, terrorists, organization insiders and foreign nations engaged in crime, political activism or espionage and information warfare," according to the testimony.