HHS said the component that was breached did not have a firewall, or intrusion detection software, installed on it.
What the?! Are you kidding me? And it took over a month to do a manual scan that detected it? How many millions have been paid to various tech consultant companies by this point, and this is still going on? Unbelievable.