Department of Health

Healthcom Network Security Controls

The Department of Health maintains sensitive and confidential data on various computer systems, many of which are operated on or connected to an internal Department computer network called Healthcom. Healthcom has logical connections to other computer networks, including the NYeNET (a statewide network used by State and local government agencies), the statewide data center maintained by the Office for Technology, and outside consultant networks. Healthcom is equipped with a series of firewalls that are intended to protect the network against unauthorized access and create secure areas for sensitive information. We audited selected aspects of the security controls in place over the Healthcom network, and found that certain improvements could be made in these controls. So as not to compromise the security of the network, our detailed findings and recommendations were not included in our report, but were presented separately to Department officials throughout the course of our audit.

For a complete copy of Report 2002-S-34 click here.
For a copy of the associated follow-up report click here.