A new report by the Government Accountability Office paints a disturbing picture of cybersecurity in the federal government.

The report shows a 1,300 percent increase in the number of reported cyberattacks on federal agencies between 2006 and 2015, from roughly 5,500 to more than 77,000.

The investigation also found that 19 of 24 major federal agencies reported their systems for protecting sensitive information were either a "material weakness or a significant deficiency."

Recommended For You

Among the factors contributing to the poor cybersecurity are an inability to recruit and retain qualified personnel in the fields of cybersecurity and inconsistent testing procedures to make sure that agencies are up-to-date in terms of security. Agencies also aren't providing enough oversight of the information they share with outside contractors.

The problem was most clearly demonstrated in the Department of Health and Human Services, which is responsible for records relating to tens of millions of Medicaid and Medicare beneficiaries.

In the past seven years there have been 1,667 breaches large enough to compromise the personal information of more than 500 individuals — an average of more than four successful attacks per week.

In addition, the report admonished HHS for not providing enough information to hospitals about how to protect themselves from similar attacks. Although private hospitals are expected to undertake their own security measures, their constant interaction with federal programs, particularly Medicare and Medicaid, means their ability to safeguard their systems is a government issue.

Government agencies are already empowered by legislation to do all of the things they need to do to improve security, the report notes. They just haven't implemented them or have done so inconsistently.

"(E)stablishing and maintaining a qualified cybersecurity workforce needs to be a priority," the report concluded.

Earlier this year, HHS Secretary Sylvia Burwell announced the creation of the Health Care Industry Cybersecurity Task Force, made up of a group of cybersecurity experts and health care sector leaders representing hospitals, insurers, and drugmakers. 

NOT FOR REPRINT

© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.