March 23,2006

Grassley: Report Shows Computer Security of Medicare, Medicaid Data is Lacking

M E M O R A N D U M

To: Reporters and Editors
Re: GAO report on information security at HHS, CMS
Da: Thursday, March 23, 2006

Sen. Chuck Grassley, chairman of the Committee on Finance, with jurisdiction over
Medicare and Medicaid, asked the Government Accountability Office to review information security
at the Department of Health and Human Services and the Centers for Medicare and Medicaid
Services. The report found “significant weaknesses in controls designed to protect the
confidentiality, integrity, and availability of their sensitive information and information systems.”
The report, “Information Security/Department of Health and Human Services Needs to Fully
Implement Its Program,” GAO-06-267, will be available at www.gao.gov. Grassley made the
following comment on the report.

“Medicare and Medicaid offer care to about one in every four Americans. That’s tens of
millions of people. Now we’re learning that their medical, personal, and financial information is
vulnerable to fraud and abuse. Instead of firewalls to safeguard sensitive data, we have Swiss
cheese. These agencies have to once and for all implement their data protection programs and put
the security back into information security.”