Washington (DC) – Pentagon investigators have discovered that one of its contractors failed to provide adequate computer security for a military health services operation.
According to the report by the Pentagon’s inspector general, Apptis provided software maintenance, updates and testing for a Military Health System program that standardizes reporting of health costs. It has both sensitive and unclassified personnel data stored in its systems.
A computer system used by one of the company’s subcontractors was hacked from an address in China. Chinese hackers managed to get total access to the root network, according to the report, which didn’t say when the hack occurred, although the Pentagon started its investigation in August 2007.
The hack resulted in Apptis repaying $1.3 million of a $5.4 million Pentagon contract, according to Bloomberg. Apptis agreed to repay the Pentagon after investigators concluded the company and a subcontractor failed to provide “proper network security and information assurance services.”
Special agent Paul Sternal, head of the criminal service’s cyber crimes unit said that the case illustrated ‘an on-going problem in protection of Defense Department information that is not under the complete control of the department.’