One of the components of the National Institutes of Health’s All of Us precision medicine research program failed to implement adequate security measures to protect participants’ personal health information, according to a new report from the HHS Office of Inspector General.
In an audit of the program, the OIG identified vulnerabilities in the system of Vibrent Health’s Participant Technology Systems Center that could have allowed hackers with even limited technical knowledge to gain access to private patient data. The PTSC also failed to encrypt cloud storage offerings, lacked proper policies and procedures to address potential cybersecurity incidents and did not adequately scan its network for such vulnerabilities.
According to the report, upon being notified of the vulnerabilities by the OIG, the NIH and PTSC immediately rectified the issues. The OIG did not find any issues with the other All of Us component audited, Vanderbilt University Medical Center’s Data and Research Center.
Date: June 26, 2019
Want to publish your own articles on DistilINFO Publications?
Send us an email, we will get in touch with you.
Source: Becker’s Health IT & CIO Report
