New York City Health and Hospitals Corporation

Selected General Controls Over Data Center Security

The New York City Health and Hospitals Corporation (HHC) operates the hospitals, clinics and other facilities in New York City’s municipal hospital system. HHC maintains several major data centers to support these operations. We examined the effectiveness of certain controls established by HHC over data center security. We found that a number of improvements were needed in these controls. In particular, we identified weaknesses in controls that were intended to ensure that only authorized individuals had access to the medical information maintained by HHC. We also identified opportunities for improvement in business continuity and disaster recovery planning. Many of our findings and recommendations were not included in our public report due to the sensitivity of the information. However, these matters were communicated to HHC officials during the course of our audit.

The complete report is published as Report 2005-N-2.
An associated follow-up report is also available.