Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Public Summary Report: Wireless Penetration Test of Centers for Medicare & Medicaid Services' Data Centers

Issued on  | Posted on  | Report number: A-18-15-30400

Report Materials

We performed a wireless penetration test of select Centers for Medicare & Medicaid Services' Data Centers and facilities to determine whether CMS's security controls over its wireless networks were effective.

Although the Centers for Medicare & Medicaid Services had security controls that were effective in preventing certain types of wireless cyber-attacks, we identified four vulnerabilities in security controls over its wireless networks.

The vulnerabilities that we identified were collectively and, in some cases, individually significant. Although we did not identify evidence that the vulnerabilities had been exploited, exploitation could have resulted in unauthorized access to and disclosure of personally identifiable information, as well as disruption of critical operations. In addition, exploitation could have compromised the confidentiality, integrity, and availability of CMS's data and systems. We promptly shared detailed information with CMS about our preliminary findings in advance of issuing our draft report.

We recommended that CMS improve its security controls to address the wireless network vulnerabilities we identified.


-
-
-