The Centers for Medicare & Medicaid Services uses a computer network that may lead to security breaches of Medicare beneficiaries’ personal information, according to a new report from the Government Accountability Office.

The GAO points to 47 weaknesses. These include: problems identifying and authenticating users who manage the network, poor control of network access and privileges, the inability to protect the network from external attacks, and insufficient audit trails to determine the source of transactions within the network. Such flaws could lead to unauthorized disclosures of personal information and disruptions in agency operations, the GAO report.

CMS is working to address the problems cited in the GAO report, according to agency Administrator Mark McClellan.